Browse files

Merge "Add selinux policy file for rsyslog forwarding"

  • Loading branch information...
Zuul authored and openstack-gerrit committed Nov 9, 2017
2 parents 78d1ec3 + 334aa12 commit 15358aeb4db0e78e877f04487be9a551f9ee1a9f
Showing with 7 additions and 0 deletions.
  1. +7 −0 ansible/install/roles/rsyslog-templates/tasks/main.yml
@@ -138,3 +138,10 @@
state: started
timeout: 10
when: rsyslog_aggregator or rsyslog_forwarding
# syslog as a system process lives under some very restrictive selinux rules, this is the best
# way I've found to get to to work reliably. On a prod system you would probably want to manually
# validate that the .te file produced makes sense.
- name: Generate and install syslog policy file
shell: "grep syslog /var/log/audit/audit.log | audit2allow -M syslogd_t; semodule -i syslogd_t.pp"
become: true

0 comments on commit 15358ae

Please sign in to comment.