
Re: [patch] logrotate


Merged with your latest logrotate.fc diff.

On Mon, 2005-01-03 at 22:01, Greg Norris wrote:
> Here are a handful of patches for logrotate, which I've found to be 
> necessary for my Debian SELinux box... all are against current CVS.  
> Please apply.
> 
>    logrotate.fc.diff
> 
> Debian creates the logrotate state file as "/var/lib/logrotate/status",
> rather than "/var/lib/logrotate.status".  The updated pattern will match
> both cases.
> 
>    logrotate.te.1.diff
> 
> Logrotate 3.7 tries to do open(".", O_RDONLY) during startup (so it can
> fchdir() back later), and aborts if unsuccessful.  When run from cron it
> has a CWD of "/root", which is unreadable under the current policy.  
> I've added read access for "staff_home_dir_t" and "sysadm_home_dir_t".
> 
> I'm not completely happy with this approach (perhaps logrotate and/or
> the crontab entries should be modified?), but it seems like it should be
> safe.
> 
>    logrotate.te.2.diff
> 
> Logcheck (which is also handled by the logrotate policy) fails without 
> the ability to relabel its tempfiles.  I've given it "relabelfrom" and 
> "relabelto" on "logrotate_tmp_t:file".
> 
> 
> As always, let me know if additional information is desired.  Thanx!
-- 
James Carter <jwcart2@xxxxxxxxxxxxxx>
National Security Agency
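
The startup pattern described in the quoted logrotate.te.1.diff note, as an added C sketch that is not part of this thread and not logrotate's source: save the current directory with open(".", O_RDONLY), work elsewhere, then fchdir() back. The helper names and the constructed missing path are assumptions for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open a directory read-only so it can be returned to later with fchdir().
 * Returns the descriptor, or -errno. This open is the call that needs read
 * access to the directory, which is why an unreadable CWD breaks startup. */
static int save_dir(const char *path)
{
    int fd = open(path, O_RDONLY);
    return fd < 0 ? -errno : fd;
}

/* Save the CWD, change to workdir, then return to the saved CWD.
 * Returns 0 on success, -errno on the first failure. */
static int run_in_dir(const char *workdir)
{
    int rc = 0;
    int fd = save_dir(".");
    if (fd < 0)
        return fd;   /* the page reports logrotate 3.7 aborting here */
    if (chdir(workdir) < 0)
        rc = -errno;
    /* ... work on paths relative to workdir would go here ... */
    if (fchdir(fd) < 0 && rc == 0)
        rc = -errno;
    close(fd);
    return rc;
}

/* Returns 1 if the CWD is identical before and after run_in_dir(). */
static int cwd_preserved(const char *workdir)
{
    char before[4096], after[4096];
    if (!getcwd(before, sizeof before)) return 0;
    if (run_in_dir(workdir) != 0) return 0;
    if (!getcwd(after, sizeof after)) return 0;
    return strcmp(before, after) == 0;
}

int main(void)
{
    printf("cwd preserved: %d\n", cwd_preserved("/"));
    /* Constructed path: shows the error return when the open fails. */
    printf("failed open:   %d\n", save_dir("/nonexistent-constructed-path"));
    return 0;
}
```

When the process lacks read access to its starting directory, `save_dir(".")` returns `-EACCES` and nothing after it runs, which matches the cron failure described for a CWD of "/root".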
