On Fri, Oct 9, 2020 at 6:29 PM Martin Perina <mperina@redhat.com> wrote:

On Fri, Oct 9, 2020 at 5:54 PM Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
On Fri, Oct 9, 2020 at 4:58 PM Martin Perina <mperina@redhat.com> wrote:
Hi Gianluca,

could you please check selinux context of /var/log/ovirt-engine/ansible-runner-service.log to see if you are not affected by https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 ?

Thanks,
Martin

Thanks for answering.
It seems ok. On the engine:
[root@ovmgr1 ~]# ls -Z /var/log/ovirt-engine/ansible-runner-service.log
system_u:object_r:httpd_log_t:s0 /var/log/ovirt-engine/ansible-runner-service.log
[root@ovmgr1 ~]#

Gianluca

OK, so could you please apply the workaround mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 to resolve the issue until oVirt 4.4.3 is released?

Sorry, but isn't it already ok? The SELinux security context for the file is already httpd_log_t, so I don't have to apply anything.

I also applied the more brutal workaround described in https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c4 without any effect, so I'm not in this bugzilla context.

Do I have to apply also for the directory /var/log/ovirt-engine itself, that currently has a context of var_log_t? I don't think so...

Gianluca