Add selinux policy file for rsyslog forwarding
So in the latest versions of Pike the selinux config changes a bit and it's impossible to open connections to other machines without changing the policy module. Change-Id: Iad672c39e732cbce7c5659aa731a88b40c7c3812
This commit is contained in:
parent
993f68845d
commit
334aa12ac4
|
@ -138,3 +138,10 @@
|
|||
state: started
|
||||
timeout: 10
|
||||
when: rsyslog_aggregator or rsyslog_forwarding
|
||||
|
||||
# syslog as a system process lives under some very restrictive selinux rules, this is the best
|
||||
# way I've found to get to to work reliably. On a prod system you would probably want to manually
|
||||
# validate that the .te file produced makes sense.
|
||||
- name: Generate and install syslog policy file
|
||||
shell: "grep syslog /var/log/audit/audit.log | audit2allow -M syslogd_t; semodule -i syslogd_t.pp"
|
||||
become: true
|
Loading…
Reference in New Issue