From f767ffeec586c335cf5c2eaf159c551db6df9056 Mon Sep 17 00:00:00 2001
From: Richard van den Berg
Date: Wed, 24 Mar 2021 10:29:02 +0100
Subject: [PATCH] fix: [selinux] allow log files rename
---
 INSTALL/misplogrotate.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/INSTALL/misplogrotate.te b/INSTALL/misplogrotate.te
index 921989772..80b2eb945 100644
--- a/INSTALL/misplogrotate.te
+++ b/INSTALL/misplogrotate.te
@@ -7,10 +7,10 @@ require {
 type httpd_sys_content_t;
 type httpd_sys_rw_content_t;
 class dir { ioctl read getattr lock search open remove_name };
- class file { unlink write };
+ class file { unlink write rename };
 }
 #============= logrotate_t ==============
 allow logrotate_t httpd_sys_content_t:dir { ioctl read getattr lock search open };
 allow logrotate_t httpd_sys_rw_content_t:dir { ioctl read getattr lock search open };
 allow httpd_t httpd_log_t:dir remove_name;
-allow { httpd_t httpd_sys_script_t } httpd_log_t:file { unlink write };
+allow { httpd_t httpd_sys_script_t } httpd_log_t:file { unlink write rename };
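Review bot: The last `allow` line now gives `httpd_t` and `httpd_sys_script_t` `unlink`, `write` and `rename` on every `httpd_log_t` file, so a compromised web process or script can move aside or delete the logs that would record it, and the rule carries no comment saying why the web domains need this. It also sits under the `#============= logrotate_t ==============` banner although `logrotate_t` is not its source domain. I would add a comment above it such as `# httpd domains rotate MISP's application logs themselves, hence unlink/write/rename (TODO confirm which component needs rename)`, and, if only MISP's own log directory is involved, consider labelling that directory with a dedicated type instead of widening access to all of `httpd_log_t`. Whether the directory-side permissions a rename needs are granted to `httpd_sys_script_t` is not visible here; the `require` block opens above the hunk.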