diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2023-07-27 14:07:46 -0400 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2023-07-31 15:05:21 -0400 |
| commit | 7bb93ef630fdf21cbc7fc9dc87e7aa917af649bb (patch) | |
| tree | 05e010503f0dc8fba9aece956b53d1d8b9ddc628 | |
| parent | a7732beacdf212a33cc3c3527a0727a7427efa9a (diff) | |
| download | meta-selinux-7bb93ef630fdf21cbc7fc9dc87e7aa917af649bb.tar.gz | |
audit: set correct security context for /var/log/audit
By default /var/log is a symbolic link of /var/volatile/log. But
restorecon does not follow symbolic links then we will encounter the
following error when set /var/log/audit directory:
$ /sbin/restorecon -F /var/log/audit
/sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied.
Use readlink to find the real path before set security context.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(cherry picked from commit 8b79480663bc9de2343e0146ed8d3d0e59ab48be)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| -rw-r--r--[-rwxr-xr-x] | recipes-security/audit/audit/auditd | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/recipes-security/audit/audit/auditd b/recipes-security/audit/audit/auditd index cda2e43..6aa7f94 100755..100644 --- a/recipes-security/audit/audit/auditd +++ b/recipes-security/audit/audit/auditd | |||
| @@ -86,7 +86,7 @@ do_reload() { | |||
| 86 | 86 | ||
| 87 | if [ ! -e /var/log/audit ]; then | 87 | if [ ! -e /var/log/audit ]; then |
| 88 | mkdir -p /var/log/audit | 88 | mkdir -p /var/log/audit |
| 89 | [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit | 89 | [ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f /var/log/audit) |
| 90 | fi | 90 | fi |
| 91 | 91 | ||
| 92 | case "$1" in | 92 | case "$1" in |