By default /var/log is a symbolic link of /var/volatile/log. But
restorecon does not follow symbolic links then we will encounter the
following error when set /var/log/audit directory:
$ /sbin/restorecon -F /var/log/audit
/sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit
restorecon: Permission denied.
Use readlink to find the real path before set security context.
Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
recipes-security/audit/audit/auditd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
mode change 100755 => 100644 recipes-security/audit/audit/auditd
diff --git a/recipes-security/audit/audit/auditd
b/recipes-security/audit/audit/auditd
old mode 100755
new mode 100644
index cda2e43..6aa7f94
--- a/recipes-security/audit/audit/auditd
+++ b/recipes-security/audit/audit/auditd
@@ -86,7 +86,7 @@ do_reload() {
if [ ! -e /var/log/audit ]; then
mkdir -p /var/log/audit
- [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit
+ [ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f
/var/log/audit)
fi
case "$1" in
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#49898): https://lists.yoctoproject.org/g/yocto/message/49898
Mute This Topic: https://lists.yoctoproject.org/mt/75351500/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
