From 9fc00f14d4493c831aa48fb4be45c01d6c0111d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?=
Date: Wed, 4 Sep 2019 10:50:33 +0200
Subject: [PATCH] SELinux: correct type for /var/log/containers The correct type for this directory is "container_file_t" (or svirt_sandbox_file_t). The var_log_t was needed before in order to allow syslog to write HAProxy logs in /var/log/containers/haproxy. This is not needed anymore, since a patch in openstack-selinux[1] allows syslog to have a full access to container_file_t type. Moreover, since we have logrotate running in a container, it mounts the /var/log/containers location with ":z" flag, which re-labels all the files to container_file_t. [1] https://github.com/redhat-openstack/openstack-selinux/commit/f9b45cede356c0e09f78ffb8a3c01fb80b6aac36 Change-Id: I13a90695686b9134f6fcceac1bf6d22c2ac390a5
---
 common/deploy-steps-tasks.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index cfb3c3691b..140e73d816 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -32,7 +32,7 @@
 file:
 path: /var/log/containers
 state: directory
- setype: var_log_t
+ setype: container_file_t
 selevel: s0
 tags:
 - host_config
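Review bot: The new `setype: container_file_t` on the `/var/log/containers` task only works for host-side writers if the installed SELinux policy already grants them access to that type, and nothing in the hunk records or checks that dependency. The commit message says syslog's HAProxy logging relies on an openstack-selinux change, so on a host with an older policy package I would expect AVC denials for writes under /var/log/containers/haproxy; a comment above the attribute such as `# container_file_t: needs openstack-selinux with syslog access to container_file_t` would make that visible. The task labels the directory itself with no `recurse` visible in the hunk, so content created earlier as var_log_t presumably keeps that type until the logrotate container's `:z` mount relabels it, which is worth confirming for upgrades. The task starts above the hunk, so its name and any conditions on it are not visible here.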