As in other messages here recently, we have been successfully using logrotate for various of our grid engine files for a long time. Our file is below for reference purposes.

We recently upgraded our qmaster system from CentOS 6 to CentOS 7. As part of attempting gradual improvement of our security posture we are trying to use selinux on new systems.

The good news is that we are not seeing anything impacting the running of Grid Engine under selinux except logrotate.

The bad news is that logrotate is not successfully working with the grid engine files (accounting, reporting and messages).

We are still looking at the specifics and think we may have a solution using 'semanage permissive -a logrotate_t' as hinted at by:

https://www.unix.com/man-page/centos/8/logrotate_selinux/

This appears to just disable (change to permissive) the selinux support for logrotate.

Using 'semanage fcontext -a -t something ...' and 'restorecon -v ...' appear to be possible but I'm unclear of the specifics since the log files are mixed with other grid engine files in the same directory.

Has anyone else had any experience running grid engine with selinux?

We are using grid engine 8.1.8 with a couple of local patches.

Here is our /etc/logrotate.d/scl-grid-engine

==== begin ====
/opt/sge_root/*/common/accounting {
    compress
    nocreate
    dateext
    ifempty
    # keep logs "forever"
    rotate 5000
    weekly
}

/opt/sge_root/*/common/reporting {
    compress
    nocreate
    dateext
    ifempty
    # keep logs "forever"
    rotate 5000
    weekly
}

/var/spool/sge/*/qmaster/messages {
    compress
    nocreate
    dateext
    ifempty
    # keep logs "forever"
    rotate 5000
    weekly
}

# mostly useless (in long term) debugging logs
/opt/sge_root/*/common/schedd_runlog /opt/sge_root/*/common/schedule {
    nocompress
    nocreate
    missingok
    rotate 2
    daily
}
==== end ====

Stuart Barkley
-- 
I've never been lost; I was once bewildered for three days, but never lost!
                                        -- Daniel Boone
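
An added example, not part of the original message: a domain made permissive with 'semanage permissive -a logrotate_t' still logs its AVC denials, so this Python script summarizes which target types, object classes and permissions logrotate_t was denied, which is the information needed before choosing an fcontext type. The audit lines, the labels in them (usr_t, var_spool_t) and the function names are constructed for illustration and are assumptions about how the Grid Engine paths might be labelled.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the original post); the target
# types shown are assumptions about how the Grid Engine paths might be labelled.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1546300800.101:501): avc:  denied  { write } for  pid=4242 comm="logrotate" name="common" dev="dm-0" ino=1001 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1546300800.102:502): avc:  denied  { rename } for  pid=4242 comm="logrotate" name="accounting" dev="dm-0" ino=1002 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=1
type=AVC msg=audit(1546300800.103:503): avc:  denied  { read } for  pid=4242 comm="logrotate" name="messages" dev="dm-0" ino=2001 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=file permissive=0
type=AVC msg=audit(1546300800.104:504): avc:  denied  { read } for  pid=777 comm="httpd" name="index.html" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?')
NAME_RE = re.compile(r'\bname="([^"]*)"')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def summarize_denials(log_text, source_type='logrotate_t'):
    """Group AVC denials from one source domain by (target type, class)."""
    summary = defaultdict(lambda: {'perms': set(), 'names': set(), 'blocked': False})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or selinux_type(m['scontext']) != source_type:
            continue
        entry = summary[(selinux_type(m['tcontext']), m['tclass'])]
        entry['perms'].update(m['perms'].split())
        name = NAME_RE.search(line)
        if name:
            entry['names'].add(name.group(1))
        # permissive=0 means the access was actually blocked, not just logged
        entry['blocked'] |= m['permissive'] == '0'
    return dict(summary)

if __name__ == '__main__':
    for (ttype, tclass), e in sorted(summarize_denials(SAMPLE_AUDIT_LOG).items()):
        print(ttype, tclass, sorted(e['perms']), sorted(e['names']),
              'blocked' if e['blocked'] else 'logged only')
```

Denials against a directory class (as in the first constructed line) indicate that relabelling the log files alone would not cover the rename that logrotate performs in the same directory.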