View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004225 | Rocky-Linux-9 | selinux-policy | public | 2023-09-15 09:14 | 2023-09-15 09:14 |
| Reporter | Jamie Burchell | Assigned To | | | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | | |
| Platform | Linux | OS | Rocky Linux | OS Version | 9.2 |
| Summary | 0004225: logrotate cannot read directories labelled httpd_sys_content_t | | | | |
| Description | I store log files for individual virtual hosts in /var/www/vhosts/foo/log which has a directory label of httpd_log_t. SELinux denies access to read the vhosts directory: | | | | |

```
type=AVC msg=audit(1694646003.329:8073): avc: denied { read } for pid=32077 comm="logrotate" name="vhosts" dev="vda1" ino=335544449 scontext=system_u:system_r:logrotate_t:s0 tcontext=unconf
```

Using this logrotate config:

```
/var/log/php-fpm/*log /var/www/vhosts/*/log/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
```

| Steps To Reproduce | Create the above directory structure with logrotate config and trigger the systemd timer for logrotate. | | | | |
| Tags | No tags attached. | | | | |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-09-15 09:14 | Jamie Burchell | New Issue | |
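
Why the denial names `vhosts`, as an added example that is not part of the original report or of the distribution's policy: expanding the `*` in `/var/www/vhosts/*/log/*log` means listing `/var/www/vhosts`, which requires `read` on that directory in addition to `search`. The function names are hypothetical; the AVC record and path patterns are copied from the report, truncation included.

```python
import re

# AVC record as it appears in the report; it is cut off after "tcontext=unconf".
AVC = ('type=AVC msg=audit(1694646003.329:8073): avc: denied { read } for '
       'pid=32077 comm="logrotate" name="vhosts" dev="vda1" ino=335544449 '
       'scontext=system_u:system_r:logrotate_t:s0 tcontext=unconf')
# Path patterns from the first line of the reported logrotate stanza.
PATTERNS = ["/var/log/php-fpm/*log", "/var/www/vhosts/*/log/*log"]


def parse_avc(line):
    """Return the denied permissions and key=value fields of one AVC record."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC denial record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    # A complete context is user:role:type[:range]; a shorter one is truncated.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return fields


def dirs_listed_by_glob(pattern):
    """Directories whose entries must be listed to expand the pattern."""
    parts = pattern.strip("/").split("/")
    # The parent of every wildcard component has to be opened and read;
    # a returned parent may itself still contain an unexpanded wildcard.
    return ["/" + "/".join(parts[:i]) for i, part in enumerate(parts)
            if any(c in part for c in "*?[")]


def explain(line, patterns):
    """Match the denial's name= against directories the patterns list."""
    rec = parse_avc(line)
    hits = [d for p in patterns for d in dirs_listed_by_glob(p)
            if d.rsplit("/", 1)[-1] == rec["name"]]
    return rec, hits


if __name__ == "__main__":
    rec, hits = explain(AVC, PATTERNS)
    print(rec["scontext_type"], rec["perms"], rec["name"], "->", hits)
    print("target type:", rec["tcontext_type"] or "unknown (record truncated)")
```

The target type comes back as unknown because the record on the page ends mid-context; the complete `tcontext` and `tclass` would have to be read from the audit log on the affected host.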