RHEL 8 - rsyslog unable to write to NFS share due to SELinux

Posted on

I'm having a devil of a time getting rsyslog to be able to write logs to an NFS share.

The NFS share starts out with SELinux context of "var_log_t" which would work great. However, once it mounts to the server, the context changes to "nfs_t", which selinux then denies permission for rsyslog to write to any of the log files. I've run the ausearch -c ..... command at least 50 times. It finally did allow the creation of directories (fromhost-ip) and it creates the log files in those directories. However, selinux is still denying permission to rsyslog to append to those logs, so they remain empty. I've tried several things:

  • running that auseach -c command from the output of "journalctl -t setroubleshoot, followed by the semanage command also suggested, to no avail.

  • tried to reset the context of the mount but get "operation unsupported".

  • A manual command "mount -o context=....... works but my managers don't want to do that because other servers use that mount point.

  • Tried to follow the (thin) documentation on creating a custom policy but that doesn't seem to work.

  • Tried modifying /etc/fstab by adding the "context=....." If I save and exit vim and then run "mount -a" i get an error indicating that if I reboot the server won't boot up again.

It's very frustrating given that no one at Redhat thought that rsyslog might have to write to an NFS share with context nfs_t? THis doesn't make any sense. They didn't even provide a boolean that can be used. Every example configuration you find has to do with Apache and httpd. Comon RedHat - DO BETTER THAN THIS.

Responses