Summary: | app-admin/logrotate - chcon: failed to change context of ‘test.log’ to ‘staff_u:object_r:httpd_sys_content_t’: Invalid argument | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sean Santos <quantheory> |
Component: | Current packages | Assignee: | Chema Alonso Josa (RETIRED) <nimiux> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://fedorahosted.org/logrotate/ticket/35 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | emerge --info logrotate |
Description
Sean Santos
2013-06-22 17:06:07 UTC
Not sure if running chcon is the best way to see if it can use chcon, but if that's the case, it would be better to use a type specific to logrotate or related to logs. Perhaps var_log_t would make more sense. Still, if it wants to see if SELinux is enabled, there are many other ways to deal with that (like checking if /sys/fs/selinux/status exists). Sorry I don't have any SELINUX enabled box at this moment, so I can't reproduce this. Which version of logrotate are you using? Should we file a bug upstream to use another context? Thanks. This is in logrotate 3.8.4, but the problem seems to be in the latest version: http://svn.fedorahosted.org/svn/logrotate/trunk/test/test I'm not sure I understand the purpose of the test still, so I'm not sure what to do. Personally, I would suggest upstream to use "logrotate_tmp_t" (or any other type related to logrotate) as it is more likely to exist than httpd_sys_content_t (which is Apache-related). Upstream ticket created. Thanks. https://fedorahosted.org/logrotate/ticket/35 Upstream ticket fixed. Closing. |