How to let logrotate write files hosted on CIFS file systems (Windows shares)
Issue
When logrotate is customized to copy or move rotated log files to a CIFS file system (a mounted Windows share), SELinux AVC denials are logged after each rotation, as shown in the example below.
Original
/etc/logrotate.d/bootlogfile

    /var/log/boot.log {
        missingok
        daily
        copytruncate
        rotate 7
        notifempty
    }
Modified
/etc/logrotate.d/bootlogfile, extended with a postrotate directive that moves old logs to a CIFS file system

    /var/log/boot.log {
        missingok
        daily
        copytruncate
        rotate 7
        notifempty
        postrotate
            mv /var/log/boot.log-* /my/cifs_share/logs
        endscript
    }
SELinux AVCs seen after a rotation occurred

    # aureport --avc --summary

    Avc Object Summary Report
    =================================
    total  obj
    =================================
    1814  system_u:object_r:cifs_t:s0

    # ausearch -m avc --context cifs_t --just-one
    [...]
    type=SYSCALL [...] comm="mv" exe="/usr/bin/mv" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
    type=AVC [...]: avc: denied { write } for pid=XXX comm="mv" name="boot.log-20200128" dev="cifs" [...] scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cifs_t:s0 tclass=dir permissive=0
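Added example, not part of the Red Hat article: a small POSIX shell triage script that parses an AVC record like the one above into its source type, target type, object class and denied permission, and flags the specific logrotate_t -> cifs_t write denial this article describes, so the right policy fix (a boolean or a custom module) can be chosen instead of loosening SELinux. The sample record is constructed from the denial above; the fields the article elides ("[...]", pid=XXX) are filled with made-up values.

```shell
#!/bin/sh
# Constructed sample record modelled on the denial in the article; the elided
# audit fields (timestamp, serial, pid, inode) are made-up values.
SAMPLE_AVC='type=AVC msg=audit(1580000000.123:4567): avc: denied { write } for pid=12345 comm="mv" name="boot.log-20200128" dev="cifs" ino=1234 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cifs_t:s0 tclass=dir permissive=0'

# avc_field RECORD KEY: print the value of KEY=VALUE (quotes stripped) from one AVC record.
avc_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 0 && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}

# avc_perms RECORD: print the permission set inside "denied { ... }", e.g. "write".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied[[:space:]]*{[[:space:]]*\([^}]*\)}.*/\1/p' \
        | sed 's/[[:space:]]*$//'
}

# avc_type CONTEXT: the SELinux type is the third colon-separated field of a context.
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# is_logrotate_cifs_denial RECORD: exit 0 when the denied domain is logrotate_t
# and the target object is labelled cifs_t, i.e. the case this article describes.
is_logrotate_cifs_denial() {
    [ "$(avc_type "$(avc_field "$1" scontext)")" = logrotate_t ] &&
    [ "$(avc_type "$(avc_field "$1" tcontext)")" = cifs_t ]
}

# avc_summary RECORD: one-line triage suitable for a ticket or a detection rule.
avc_summary() {
    printf '%s (%s) denied %s on %s %s, permissive=%s\n' \
        "$(avc_type "$(avc_field "$1" scontext)")" "$(avc_field "$1" comm)" \
        "$(avc_perms "$1")" "$(avc_field "$1" tclass)" \
        "$(avc_type "$(avc_field "$1" tcontext)")" "$(avc_field "$1" permissive)"
}

avc_summary "$SAMPLE_AVC"
if is_logrotate_cifs_denial "$SAMPLE_AVC"; then
    # Fix this in policy rather than by disabling SELinux: first check whether the
    # installed policy ships a logrotate boolean for CIFS (getsebool -a | grep logrotate)
    # before building a custom module from the denial.
    echo "logrotate_t -> cifs_t denial: review the SELinux booleans for logrotate"
fi
```

On a live system, feed real records with `ausearch -m avc --context cifs_t --raw` instead of the constructed sample.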
Environment
- Red Hat Enterprise Linux (RHEL)
- logrotate
- cifs-utils