Created
June 6, 2014 14:52
-
-
Save racooper/2edb2394eded80f3e5ae to your computer and use it in GitHub Desktop.
SELinux policy to allow logrotate to work in /home/<user>/log/*
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module local 1.0; | |
| require { | |
| type home_root_t; | |
| type user_home_t; | |
| type logrotate_t; | |
| class file { rename setattr read create write getattr unlink open }; | |
| class dir { read write add_name remove_name }; | |
| } | |
| #============= logrotate_t ============== | |
| allow logrotate_t home_root_t:dir read; | |
| #!!!! The source type 'logrotate_t' can write to a 'dir' of the following types: | |
| # tmp_t, logrotate_var_lib_t, logrotate_tmp_t, logfile, named_cache_t, acct_data_t, var_spool_t, abrt_var_cache_t, var_lib_t, var_log_t, mailman_log_t, varnishlog_log_t, openshift_var_lib_t, var_lock_t | |
| allow logrotate_t user_home_t:dir { read write add_name remove_name }; | |
| #!!!! The source type 'logrotate_t' can write to a 'file' of the following types: | |
| # wtmp_t, logrotate_var_lib_t, logrotate_tmp_t, logfile, named_cache_t, acct_data_t, var_spool_t, logrotate_lock_t, abrt_var_cache_t, mailman_log_t, varnishlog_log_t, openshift_var_lib_t | |
| allow logrotate_t user_home_t:file { rename setattr read create write getattr unlink open }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment