SELinux: correct type for /var/log/containers

The correct type for this directory is "container_file_t" (or
svirt_sandbox_file_t). The var_log_t was needed before in order to allow
syslog to write HAProxy logs in /var/log/containers/haproxy.

This is not needed anymore, since a patch in openstack-selinux[1] allows
syslog to have a full access to container_file_t type.
Moreover, since we have logrotate running in a container, it mounts the
/var/log/containers location with ":z" flag, which re-labels all the
files to container_file_t.

[1] f9b45cede3

Change-Id: I13a90695686b9134f6fcceac1bf6d22c2ac390a5
This commit is contained in:
Cédric Jeanneret 2019-09-04 10:50:33 +02:00
parent 6403ff68ce
commit 9fc00f14d4
1 changed files with 1 additions and 1 deletions

View File

@ -32,7 +32,7 @@
file:
path: /var/log/containers
state: directory
setype: var_log_t
setype: container_file_t
selevel: s0
tags:
- host_config