mirror of https://github.com/MISP/MISP
Fix logrotate module for RHEL 7/CentOS 7
parent
86f774d240
commit
5f6b4aef45
|
@ -1,8 +1,15 @@
|
|||
module misplogrotate 1.0;
|
||||
module misplogrotate 1.1;
|
||||
require {
|
||||
type httpd_t;
|
||||
type logrotate_t;
|
||||
type httpd_log_t;
|
||||
type httpd_sys_content_t;
|
||||
class dir { ioctl read getattr lock search open };
|
||||
type httpd_sys_rw_content_t;
|
||||
class dir { ioctl read getattr lock search open remove_name };
|
||||
class file { unlink write };
|
||||
}
|
||||
#============= logrotate_t ==============
|
||||
allow logrotate_t httpd_sys_content_t:dir { ioctl read getattr lock search open };
|
||||
allow logrotate_t httpd_sys_rw_content_t:dir { ioctl read getattr lock search open };
|
||||
allow httpd_t httpd_log_t:dir remove_name;
|
||||
allow httpd_t httpd_log_t:file { unlink write };
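Review bot: The two `httpd_t` rules at the end of the module give the web server `write` and `unlink` on every file labelled `httpd_log_t`, plus `remove_name` on those directories, and that grant is not limited to MISP's `app/tmp/logs`. `httpd_log_t` is normally also the label of the system Apache logs, where the base policy lets httpd append but not rewrite or delete, so a compromised web process could alter or remove its own access and error logs. If MISP needs to rewrite or delete its log files, a narrower option is to keep that directory on a type httpd already manages, such as `httpd_sys_rw_content_t`, and grant `logrotate_t` the rotation permissions on that type instead. The rules also sit under the `#============= logrotate_t ==============` banner although their source domain is `httpd_t`; a separate `#============= httpd_t ==============` banner with a one-line comment on why the access is needed would make the grant auditable. The +/- markers are lost on this page, so which rules the commit adds is inferred from the version bump to 1.1.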
|
||||
|
|
|
@ -550,7 +550,6 @@ logRotation_RHEL () {
|
|||
sudo semanage fcontext -a -t httpd_sys_rw_content_t "$PATH_TO_MISP(/.*)?"
|
||||
sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
|
||||
sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
|
||||
# Impact of the following: ?!?!?!!?111
|
||||
##sudo restorecon -R $PATH_TO_MISP
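Review bot: The live label on `$PATH_TO_MISP/app/tmp/logs` is set with `chcon`, which does not survive a filesystem relabel, while the `restorecon` that would apply the `semanage fcontext` rules is left commented out under a comment that explains nothing (`# Impact of the following: ?!?!?!!?111`). Two fcontext rules match the logs directory (`httpd_sys_rw_content_t` for the whole tree, `httpd_log_t` for the logs), so after a relabel the type may differ from what the policy module expects. Applying the rules with `sudo restorecon -R "$PATH_TO_MISP/app/tmp/logs"` and checking the result with `ls -Zd` would make the outcome deterministic. `$PATH_TO_MISP` is unquoted in the `chcon` line and should be written `"$PATH_TO_MISP/app/tmp/logs"`. The same commands appear in the third file section and want the same treatment; `logRotation_RHEL` starts and ends outside this hunk.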
|
||||
|
||||
|
|
|
@ -437,7 +437,6 @@ sudo chmod 0640 /etc/logrotate.d/misp
|
|||
# Allow logrotate to modify the log files
|
||||
sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
|
||||
sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
|
||||
|
||||
# Allow logrotate to read /var/www
|
||||
sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
|
||||
|
|