openstack
/
project-config
Code Issues Proposed changes

Fix selinux context for unbound.log 

The previous patch[1] applied a partial context to the unbound.log file.
This patch applies a full context to resolve the "partial context" error, using semanage to make the file label persistent.

[1] https://review.opendev.org/c/openstack/project-config/+/841546

Change-Id: Ic15957fa4ef58355efd2e96f143386f393b0a59d
This commit is contained in:
Michael Johnson 2022-05-12 19:05:12 +00:00
parent d58c7a04da
commit 4ceb4adc83
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nodepool/elements/nodepool-base/finalise.d/89-boot-settings
View File

@ -98,8 +98,9 @@ chmod 0644 /var/log/unbound.log
# distros, but for consistency it's much easier if we just have one
# log file in the same place across distros. Thus set the context to
# allow it.
if [[ -e /usr/bin/chcon ]]; then
chcon -t named_log_t /var/log/unbound.log
if [[ -e /usr/sbin/semanage ]]; then
semanage fcontext -a -t named_log_t /var/log/unbound.log
restorecon -v /var/log/unbound.log
fi
if [[ "$DISTRO_NAME" =~ (opensuse) ]] ; then