Johnny Tan wrote:
I'm stumped.
I run a Java app called Solr, which does search indexing. My solr server
creates the index, then I have a bunch of solr clients that rsync that
index over.
The rsync itself is fine, that works. The problem is it won't write to
the appropriate logfile, which is:
/opt/solr/logs/rsyncd.log
/opt/solr/logs is a symlink to /var/log/store.
A little bit more information that might help solve this...
If I remove the symlink, and /opt/solr/bin/rsyncd-start runs
(which basically starts rsyncd), then rsyncd can write to
/opt/solr/logs/rsyncd.log with no problems.
If I put the symlink back in (to /var/log/store), then it
fails (again, with no AVC messages).
The only difference I can see between /opt/solr/logs (as a
directory) and /var/log/store is the default contexts, for
/opt/solr/logs, it's root:object_r:usr_t, for /var/log/store
it's root:object_r:var_log_t
When I put the symlink back, I tried changing the context of
/var/log/store to root:object_r:usr_t to match
/opt/solr/logs, but that doesn't seem to make a difference.
Max, a list member, suggested offline that it might have to
do with type_transition, which does seem to make sense.
I tried both:
type_transition rsync_t var_log_t : file rsync_log_t;
and
type_transition rsync_t var_log_t : file usr_t;
But neither worked (I have all the appropriate allows for
those contexts).
Am I going down the right path here (type_transition)? Or
does anyone else have a suggestion in terms of how the
symlink can be used?
johnn
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
