You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 12, 2024. It is now read-only.
now these two combined are not enough to logrotate because selinux is blocking logrotate from the directory /var/opt/microsoft/omsconfig/
Error messages look like this:
error: error accessing /var/opt/microsoft/omsconfig: Permission denied
error: failed to rename /var/opt/microsoft/omsconfig/omsconfig.log to /var/opt/microsoft/omsconfig/omsconfig.log-20210812: Permission denied
error: error accessing /var/opt/microsoft/omsconfig: Permission denied
error: failed to rename /var/opt/microsoft/omsconfig/omsconfigdetailed.log to /var/opt/microsoft/omsconfig/omsconfigdetailed.log-20210812: Permission denied
Possible solutions:
you can change the selinux context of that that dir to var_log_t and it should work, but that means logrotate gets additional rights on the non-log subdirs
you can change the log directory to /var/opt/microsoft/omsconfig/log for log files and give it var_log_t (right solution I would say)
you can disable the logs (possible short term workaround)
This is all covered in several issues on github: microsoft/OMS-Agent-for-Linux#781 (from september 2018, that’s how long this has been an issue) microsoft/omi#680 (additional problem related to selinux, needs at least two versions released for complete fix if you want to keep using the omi selinux rules because of the post-script nature)
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This is a follow up from microsoft/omi#680 and microsoft/OMS-Agent-for-Linux#781
I was told the dir /var/opt/microsoft/omsconfig belongs to this product group. Selinux is preventing the logrotation of two logfiles:
https://github.com/microsoft/OMS-Agent-for-Linux/blob/638a242a595fe1a096105d763062d350d26b9b75/installer/selinux/omsagent-logrotate.fc
that is the current selinux configuration that only includes the files.
https://github.com/microsoft/PowerShell-DSC-for-Linux/blob/9f6301f16bb3ce665e886fb728b63d1ad3f78cae/Providers/Extras/Scripts/omsconfig_logrotate.conf
is the logrotate config that wants to rotate the logs
now these two combined are not enough to logrotate because selinux is blocking logrotate from the directory /var/opt/microsoft/omsconfig/
Error messages look like this:
Possible solutions:
This is all covered in several issues on github:
microsoft/OMS-Agent-for-Linux#781 (from september 2018, that’s how long this has been an issue)
microsoft/omi#680 (additional problem related to selinux, needs at least two versions released for complete fix if you want to keep using the omi selinux rules because of the post-script nature)
The text was updated successfully, but these errors were encountered: