Hi Chris,

...

> > +++ b/policy/modules/services/dnsmasq.fc > > @@ -13,7 +13,7 @@ > > /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0) > > /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0) > > -/var/log/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0) > > +/var/log/dnsmasq(.*)?\.log -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0) > > /run/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) > > /run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)

> This would exclude rotated logs, e.g. something like dnsmasq.log.1 or
> dnsmasq.log.1.gz, which would be undesirable.

I didn't know dnsmasq needs to open logs already handled by logrotate (I thought logrotate creates these). But I see apache has a similar pattern. I added the pattern in v2:

/var/log/dnsmasq(.*)?\.log(\..+)

Kind regards,
Petr
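
Review bot: the added line `/var/log/dnsmasq(.*)?\.log --` requires the file name to end in `.log`, so any name carrying a suffix after `.log` loses the dnsmasq_var_log_t label that the removed `/var/log/dnsmasq.*` entry gave it. Keep the tighter stem but follow `\.log` with an optional suffix group such as `(\..+)?`, where the trailing `?` is what lets the unrotated file still match. The `(.*)?` in the same line is equivalent to a plain `.*` and can be simplified.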