Centos/RH 7.3 selinux bug & ZCS

Ask questions about your setup or get help installing ZCS server (ZD section below).
Posts: 4
Joined: Sat Mar 11, 2017 10:13 pm

Centos/RH 7.3 selinux bug & ZCS

Postby gmills » Tue Mar 21, 2017 2:33 am

FYI - I have been getting continual selinux errors relating to ZCS and logging ... then I found this info (have not been running ZCS for long0
On a NEW Centos/RH 7.3 build the file '/etc/selinux/targeted/contexts/files/file_contexts.local' is not created. The file_contexts.local file stores contexts to newly created files and directories not found in file_contexts.

On a good Server running ZCS 8.7.4 MTA and Store (not LDAP) the contents of file_contexts.local is:
/opt/zimbra/zmstat/zmstat.out system_u:object_r:var_log_t:s0
/opt/zimbra/zmstat(/.*)? system_u:object_r:var_log_t:s0
<directory>(/.*)? system_u:object_r:var_log_t:s0
/opt/zimbra/logger/db/data/rrds(/.*)? system_u:object_r:var_log_t:s0

On a ZCS Serer with selinux errors this file exists but was empty.

I recreated these using semanage/restorecon script below:
semanage fcontext -a -t var_log_t "/opt/zimbra/zmstat/zmstat.out"
semanage fcontext -a -t var_log_t "/opt/zimbra/zmstat(/.*)?"
semanage fcontext -a -t var_log_t "/opt/zimbra/logger/db/data/rrds(/.*)?"

restorecon -R -v /opt/zimbra/zmstat/zmstat.out
restorecon -R -v /opt/zimbra/zmstat
restorecon -R -v /opt/zimbra/logger/db/data/rrds

I have not restored "<directory>(/.*)? system_u:object_r:var_log_t:s0" yet.. this seems very generic and broad reaching.
I am sure that more tweaking will be required but it is a start. I am running multiserver so I need to check a good LDAP server next .
But at least I know the cause now.


Return to “Installation and Upgrade”

Who is online

Users browsing this forum: Baidu [Spider] and 11 guests