SELinux: correct type for /var/log/containers

The correct type for this directory is "container_file_t" (or
svirt_sandbox_file_t). The var_log_t was needed before in order to allow
syslog to write HAProxy logs in /var/log/containers/haproxy.

This is not needed anymore, since a patch in openstack-selinux[1] allows
syslog to have full access to container_file_t type.

Moreover, since we have logrotate running in a container, it mounts the
/var/log/containers location with ":z" flag, which re-labels all the
files to container_file_t.

[1] f9b45cede3

Change-Id: I13a90695686b9134f6fcceac1bf6d22c2ac390a5
parent 6403ff68ce
commit 9fc00f14d4
|
@ -32,7 +32,7 @@
|
|||
file:
|
||||
path: /var/log/containers
|
||||
state: directory
|
||||
setype: var_log_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
tags:
|
||||
- host_config
|
||||
|
|
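Review bot: The switch of setype to container_file_t on /var/log/containers only works if the host already carries the openstack-selinux patch cited as [1] in the commit message, and neither the task nor the message says which package version that is. On a host with an older policy, syslog would lose the access that var_log_t gave it for /var/log/containers/haproxy, so consider stating the minimum openstack-selinux version as a dependency or in a release note. Also, the task as shown sets no recurse, so existing files under the directory keep their old label until the logrotate container's ":z" mount relabels them; a short comment on the task saying that this is intended would help the next reader.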