Created attachment 351656 [details] emerge --info logrotate The SELinux test for logrotate is giving me this (from the build.log): Running test 6 chcon: failed to change context of ‘test.log’ to ‘staff_u:object_r:httpd_sys_content_t’: Invalid argument test.log.0 should have selinux context httpd_sys_content_t. It's a simple problem; logrotate uses this command to test whether it can use chcon: > chcon --type=httpd_sys_content_t test.log But this box isn't using that type (e.g. it doesn't have Apache).
Not sure if running chcon is the best way to see if it can use chcon, but if that's the case, it would be better to use a type specific to logrotate or related to logs. Perhaps var_log_t would make more sense. Still, if it wants to see if SELinux is enabled, there are many other ways to deal with that (like checking if /sys/fs/selinux/status exists).
Sorry I don't have any SELINUX enabled box at this moment, so I can't reproduce this. Which version of logrotate are you using? Should we file a bug upstream to use another context? Thanks.
This is in logrotate 3.8.4, but the problem seems to be in the latest version: http://svn.fedorahosted.org/svn/logrotate/trunk/test/test I'm not sure I understand the purpose of the test still, so I'm not sure what to do.
Personally, I would suggest upstream to use "logrotate_tmp_t" (or any other type related to logrotate) as it is more likely to exist than httpd_sys_content_t (which is Apache-related).
Upstream ticket created. Thanks. https://fedorahosted.org/logrotate/ticket/35
Upstream ticket fixed. Closing.
