Hi Jason,
----- Original Message -----
From: "jason" jtfas90@gmail.com
To: selinux@lists.fedoraproject.org
Sent: Friday, December 11, 2015 2:51:48 PM
Subject: logrotate and unlabeled_t
Hi All,
I am attempting to use logrotate to rotate a log file with the unlabeled_t context. As it turns out, SELinux is not happy about this and denies logrotate access to the log file.
unlabeled_t in this case would indicate the file has no security context.
What's the preferred method here to allow access? I used audit2allow and installed the .pp but was reading some docs[0] and wanted to double check my solution.
Label the file with the appropriate logfile type supported by logrotate
sesearch -A -s logrotate_t -c file
The points in the docs that I wanted to check on were "Missing TE rules are usually caused by bugs in SELinux policy and should be reported..." Should I report my particular instance as a bug?
"Modules created with audit2allow may allow more access than required. It is recommended that policy created with audit2allow be posted to the upstream SELinux list for review."
Thanks in advance!
JT
[0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
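
One way to act on the relabeling advice in the reply above, as an added example that is not part of the original thread: filter `sesearch -A -s logrotate_t -c file` output for targets logrotate_t may write, rename and unlink, then print the relabel commands. The sample rules, the chosen permission set and the path /srv/app/app.log are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_RULES is constructed to mimic
# `sesearch -A -s logrotate_t -c file` output in both setools 3 and 4 styles.
SAMPLE_RULES='Found 3 semantic av rules:
   allow logrotate_t var_log_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
   allow logrotate_t etc_t : file { ioctl read getattr lock open } ;
allow logrotate_t logfile:file { create getattr open read rename setattr unlink write };'

# Read allow rules on stdin; print each target whose file permissions
# include every permission named in $1 (space-separated).
types_granting() {
    awk -v need="$1" '
    $1 == "allow" {
        line = $0
        gsub(/[{};]/, " ", line)    # drop braces and the rule terminator
        sub(/:/, " : ", line)       # accept "type:file" and "type : file"
        n = split(line, f, " ")     # f[3]=target f[5]=class f[6..n]=perms
        if (f[5] != "file") next
        split("", have)             # portable way to clear the array
        for (i = 6; i <= n; i++) have[f[i]] = 1
        m = split(need, want, " ")
        ok = 1
        for (i = 1; i <= m; i++) if (!(want[i] in have)) ok = 0
        if (ok) print f[3]
    }' | LC_ALL=C sort -u
}

# Print (do not run) the commands that record and apply a label.
# $1 = chosen type, $2 = path; both are supplied by the caller.
relabel_plan() {
    printf "semanage fcontext -a -t %s '%s'\n" "$1" "$2"
    printf "restorecon -v '%s'\n" "$2"
}

# Assumption: rotation needs at least write, rename and unlink on the file.
printf '%s\n' "$SAMPLE_RULES" | types_granting "write rename unlink"
relabel_plan var_log_t /srv/app/app.log   # hypothetical path
```

A target such as logfile in the output is an attribute covering several types, not a label that can be applied to a file; `seinfo -a logfile -x` lists the concrete types to choose from.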