Correct SELinux type for host openvswitch logs
Openvswitch server is running on the host, and puts its logs in /var/log/openvswitch, while its agents are in containers and put logs in /var/log/containers/openvswitch. This means the /var/log/openvswitch container doesn't need to get the fancy "container_file_t" type, and can be set to the right one, openvswitch_log_t. This will prevent issues with different software, such as logrotate or even openvswitch itself on an SELinux enforcing system.

Change-Id: I4a786ecb60190759754d17f7b4e84d93f7ffb389
parent 7aa95e75e3
commit c27b4ed09c
@ -210,7 +210,7 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
|
||||
- name: openvswitch logs readme
|
||||
copy:
|
||||
dest: /var/log/openvswitch/readme.txt
|
||||
|
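Review bot: the changed `/var/log/openvswitch` item only relabels what this task touches, and the visible lines do not show whether the task recurses, so on an already deployed host the `readme.txt` written by the next task and any existing log files under that directory may keep `svirt_sandbox_file_t`. If the task has no `recurse: true`, add it or follow it with a `restorecon -R /var/log/openvswitch` step, otherwise logrotate can still trip over the old label on files that predate the change.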
@ -209,7 +209,7 @@ outputs:
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
|
||||
- name: openvswitch logs readme
|
||||
copy:
|
||||
dest: /var/log/openvswitch/readme.txt
|
||||
|
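Review bot: the `/var/log/openvswitch` item now follows two items that keep `svirt_sandbox_file_t` (`/var/log/containers/openvswitch` and `/var/lib/openvswitch/ovn`) with nothing inline saying why it differs, so a later consistency cleanup could revert it. Add a short YAML comment above that item noting that the host openvswitch server, not a container, writes there. The commit message also calls the old type `container_file_t` while the template spells it `svirt_sandbox_file_t`; using one name in both places would make the change easier to find later.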
@ -185,7 +185,7 @@ outputs:
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
|
||||
- name: openvswitch logs readme
|
||||
copy:
|
||||
dest: /var/log/openvswitch/readme.txt
|
||||
|
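Review bot: this is the third copy of the same one-line `setype` change to the `/var/log/openvswitch` item, which suggests the list is duplicated per template. Check that no other template still carries the `svirt_sandbox_file_t` line for this path, since hosts deployed from a missed copy would get the old label on the directory. A grep for the old item across the templates before merging would settle it.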