SELinux prevents tmpwatch to remove old logs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | In Progress | Medium | Cédric Jeanneret |
Bug Description
(First reported as rhbz#1944466)
Summary:
SELinux prevents tmpwatch from removing files, blocking a weird need for dac_override:
type=AVC msg=audit(
This leads to the following logs:
error: failed to unlink /var/log/
[and any other variant]
After extensive tests, it seems the way cron.daily content is launched doesn't meet all the requirements for the environment, leading to the above issue. Pushing the exact same job in root's crontab solves the issue.
This is hitting osp-16.1, so we'll need to backport it down to stable/train...
Changed in tripleo:
status: Triaged → In Progress
Changed in tripleo:
milestone: wallaby-rc1 → xena-1
Changed in tripleo:
milestone: xena-1 → xena-2
Changed in tripleo:
milestone: xena-2 → xena-3
Fix for Master (and needing backports down to stable/train): https://review.opendev.org/c/openstack/tripleo-heat-templates/+/784008