Hi Jason,

----- Original Message -----
> From: "jason" <jtfas90@xxxxxxxxx>
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Friday, December 11, 2015 2:51:48 PM
> Subject: logrotate and unlabeled_t
>
> Hi All,
>
> I am attempting to use logrotate to rotate a log file with the
> unlabeled_t context, as it turns out SELinux is not happy about this
> and denies logrotate access to the log file.
>

unlabeled_t in this case would indicate the file has no security context

> What's the preferred method here to allow access? I used audit2allow
> and installed the .pp but was reading some docs[0] and wanted to
> double check my solution.
>

Label the file with the appropriate logfile type supported by logrotate

    sesearch -A -s logrotate_t -c file

> The points in the docs that I wanted to check on were "Missing TE
> rules are usually caused by bugs in SELinux policy and should be
> reports.." Should I report my particular instance as a bug?
>
> "Modules created with audit2allow may allow more access than required.
> It is recommended that policy created with audit2allow be posted to the
> upstream SELinux list for review."
>
> Thanks in advance!
>
> JT
>
>
> [0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx

--
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
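
Added example, not part of the original thread: a shell filter over the output of the sesearch command suggested above, listing the target types (or attributes) on which logrotate_t holds the permissions a rotation needs, so the file can be labeled instead of widening policy with audit2allow. The sample rules are constructed, and the NEEDED permission set and the /path/to/app.log path are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: pick targets on which logrotate_t can actually rotate a file.

# Assumption: rotating a log needs at least these file permissions.
NEEDED="create rename unlink write"

# Constructed sample of `sesearch -A -s logrotate_t -c file` output.
# On a real host, pipe the command's own output into rotatable_targets.
sample_rules() {
cat <<'EOF'
allow logrotate_t var_log_t:file { create getattr open read rename setattr unlink write };
allow logrotate_t etc_t:file { getattr open read };
allow logrotate_t logfile:file { append create getattr ioctl open read rename setattr unlink write };
allow logrotate_t logrotate_exec_t:file { execute getattr read };
EOF
}

# Reads allow rules on stdin; prints each target granting every NEEDED permission.
# A printed name may be an attribute (a group of types) rather than a single type.
rotatable_targets() {
  awk -v needed="$NEEDED" '
    $1 == "allow" && $3 ~ /:file$/ {
      split("", have)                      # reset the per-rule permission set
      for (i = 4; i <= NF; i++) {
        p = $i; gsub(/[{};]/, "", p)
        if (p != "") have[p] = 1
      }
      n = split(needed, want, " "); ok = 1
      for (j = 1; j <= n; j++) if (!(want[j] in have)) ok = 0
      if (ok) { t = $3; sub(/:file$/, "", t); print t }
    }'
}

# Succeeds if a context string (user:role:type:level) has the unlabeled_t type.
is_unlabeled() {
  [ "$(printf '%s' "$1" | cut -d: -f3)" = "unlabeled_t" ]
}

sample_rules | rotatable_targets

# Once a suitable type is chosen (var_log_t here), record it and relabel:
#   semanage fcontext -a -t var_log_t '/path/to/app.log'   # placeholder path
#   restorecon -v /path/to/app.log
#   ls -Z /path/to/app.log                                 # confirm the new type
```
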