Open evgeni opened 8 months ago
type=AVC msg=audit(1700092800.224:574348): avc: denied { write } for pid=2124627 comm="logrotate" name="production.log" dev="dm-0" ino=34805887 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0
audit2allow creates:
audit2allow
allow logrotate_t usr_t:file write;
but I guess that file just shouldn't be usr_t but var_log_t or similar.
usr_t
var_log_t
Re-opening, as now /var/log/messages was the offender, thanks rsyslog
/var/log/messages
probably rsyslog can just be dropped given we have journald.
audit2allow
creates:but I guess that file just shouldn't be
usr_t
butvar_log_t
or similar.