From: Yi Zhao <[email protected]> By default /var/log is a symbolic link of /var/volatile/log. But restorecon does not follow symbolic links then we will encounter the following error when set /var/log/audit directory:
$ /sbin/restorecon -F /var/log/audit /sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied. Use readlink to find the real path before set security context. Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Joe MacDonald <[email protected]> (cherry picked from commit 8b79480663bc9de2343e0146ed8d3d0e59ab48be) Signed-off-by: Armin Kuster <[email protected]> --- recipes-security/audit/audit/auditd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 recipes-security/audit/audit/auditd diff --git a/recipes-security/audit/audit/auditd b/recipes-security/audit/audit/auditd old mode 100755 new mode 100644 index cda2e43..6aa7f94 --- a/recipes-security/audit/audit/auditd +++ b/recipes-security/audit/audit/auditd @@ -86,7 +86,7 @@ do_reload() { if [ ! -e /var/log/audit ]; then mkdir -p /var/log/audit - [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit + [ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f /var/log/audit) fi case "$1" in -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#60665): https://lists.yoctoproject.org/g/yocto/message/60665 Mute This Topic: https://lists.yoctoproject.org/mt/100395933/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
