SELinux: correct type for /var/log/containers
The correct type for this directory is "container_file_t" (or svirt_sandbox_file_t). The var_log_t was needed before in order to allow syslog to write HAProxy logs in /var/log/containers/haproxy. This is not needed anymore, since a patch in openstack-selinux[1] allows syslog to have a full access to container_file_t type. Moreover, since we have logrotate running in a container, it mounts the /var/log/containers location with ":z" flag, which re-labels all the files to container_file_t. [1]f9b45cede3
Change-Id: I13a90695686b9134f6fcceac1bf6d22c2ac390a5 (cherry picked from commit9fc00f14d4
)
This commit is contained in:
parent
ac5f18c7eb
commit
c530ba4f56
@ -32,7 +32,7 @@
|
||||
file:
|
||||
path: /var/log/containers
|
||||
state: directory
|
||||
setype: var_log_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
tags:
|
||||
- host_config
|
||||
|
Loading…
Reference in New Issue
Block a user