I am running RHEL 8. I am using podman to run containers with Python apps. The apps need to rotate the logs. I am seeing this error in journalctl -xe:

SELinux is preventing /usr/local/bin/python3.10 from append access on the file /data/logs/v100t1-grab.log.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that python3.10 should be allowed append access on the v100t1-grab.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'python' --raw | audit2allow -M my-python
# semodule -X 300 -i my-python.pp

If I execute the suggested command, ausearch -c 'python' --raw | audit2allow -M my-python, I get the following message:

compilation failed: my-python.te:18:ERROR 'syntax error' at token 'mlsconstrain' on line 18:mlsconstrain file { write setattr append unlink link rename } ((h1 dom h2 -Fail-)  or (t1 != mcs_constrained_type -Fail-) ); Constraint DENIED
#       mlsconstrain file { ioctl read lock execute execute_no_trans } ((h1 dom h2 -Fail-)  or (t1 != mcs_constrained_type -Fail-) ); Constraint DENIED
/usr/bin/checkmodule:  error(s) encountered while parsing configuration

Please help to resolve.

Lakshmi Anand K