The /var/log/openvswitch directory is owned by the openvswitch user but
logrotate could be running as root or as another user. As a result,
rpmlint prints the following warning when building the spec file
on SUSE Linux Enterprise:

openvswitch.x86_64: W: suse-logrotate-user-writable-log-dir 
/var/log/openvswitch openvswitch:openvswitch 0750
The log directory is writable by unprivileged users. Please fix the
permissions so only root can write there or add the 'su' option
to your logrotate config

In order to fix that, we should run the logrotate script as the
openvswitch user which ensures that the correct user is processing
the Open vSwitch log files.

Cc: Aaron Conole <acon...@redhat.com>
Cc: Timothy Redaelli <tredae...@redhat.com>
Signed-off-by: Markos Chandras <mchand...@suse.de>
---
 rhel/etc_logrotate.d_openvswitch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
index ed7d733c9..eaf1fd5bf 100644
--- a/rhel/etc_logrotate.d_openvswitch
+++ b/rhel/etc_logrotate.d_openvswitch
@@ -6,6 +6,7 @@
 # without warranty of any kind.
 
 /var/log/openvswitch/*.log {
+    su openvswitch openvswitch
     daily
     compress
     sharedscripts
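Review bot: The added `su openvswitch openvswitch` line at the top of the `/var/log/openvswitch/*.log` stanza hardcodes both the user and the group, and the only ownership evidence given is the SUSE rpmlint output (openvswitch:openvswitch 0750), while the file being changed lives under rhel/. Please confirm that every package installing this file creates the openvswitch user and group and assigns them the log directory; if the directory is owned by root on some build, or the account does not exist there, logrotate would switch to an identity that cannot rotate these files. If ownership differs between builds, consider substituting the user and group at package build time rather than fixing them in the shipped file. A one-line comment above the directive explaining why it is needed (log directory writable by a non-root user) would also help future readers.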
-- 
2.16.4

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev