logrotate must be able to access container_file_t
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | Medium | Cédric Jeanneret | |
Bug Description
Hello,
Since we write logs directly from within containers, logrotate (on the host) might get some AVC like this one:
type=AVC msg=audit(
The easiest way is to use the logrotate_
Note: currently, the "real" logrotate is running from within a container, meaning the content of /var/log/containers is properly managed. Apparently we have some other logs in /var/log that are written by containerized services, making the host logrotate cough.
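An added example (not from the bug report or the TripleO code) of triaging this kind of denial: it scans audit records for AVC denials from one SELinux domain against one target type and lists the denied permissions per object class. The audit lines and paths are constructed, and `logrotate_t` as the domain of the host logrotate is an assumption based on the stock targeted policy.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1562000000.101:501): avc:  denied  { read } for  pid=4242 comm="logrotate" name="example.log" dev="vda1" ino=1001 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:container_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1562000000.102:502): avc:  denied  { getattr } for  pid=4242 comm="logrotate" path="/var/log/example/example.log" dev="vda1" ino=1001 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:container_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1562000000.103:503): avc:  denied  { write } for  pid=4242 comm="logrotate" name="example" dev="vda1" ino=1000 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:container_file_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1562000000.104:504): avc:  denied  { open } for  pid=777 comm="httpd" path="/srv/data" dev="vda1" ino=2000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1562000000.104:504): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
"""

# Captures the denied permission set, the command, both contexts and the object class.
AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field (third) of a user:role:type:level context."""
    return context.split(":")[2]

# Assumption: logrotate_t is the domain of the host logrotate (stock targeted policy).
def summarize_denials(log_text, source_type="logrotate_t", target_type="container_file_t"):
    """Map object class -> sorted denied permissions for one source/target type pair."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if m is None:
            continue  # not an AVC denial record (e.g. the paired SYSCALL record)
        if (selinux_type(m["scontext"]), selinux_type(m["tcontext"])) != (source_type, target_type):
            continue
        summary[m["tclass"]].update(m["perms"].split())
    return {tclass: sorted(perms) for tclass, perms in summary.items()}

if __name__ == "__main__":
    for tclass, perms in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(f"logrotate_t -> container_file_t:{tclass} denied: {' '.join(perms)}")
```

On a real host, the same function can be fed the text of the audit log in place of the constructed sample.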
Changed in tripleo:
milestone: train-3 → train-2
Changed in tripleo:
status: Triaged → Fix Released
Related fix proposed to branch: master
Review: https://review.opendev.org/669987