[systemd-devel] bug: AVC denial when systemd-journald set to write to separate btrfs subvolume

[Lennart Poettering]

On Tue, 21.01.14 16:39, Chris Murphy (lists at colorremedies.com) wrote:

> This is a follow-up on this thread about directing the journal to a btrfs subvolume, if it's desired to maintain one journal even when booting other snapshots (such as doing a rollback):
> http://lists.freedesktop.org/archives/systemd-devel/2014-January/016253.html
> 
> When I do this, systemd-journald tries to change permissions on /var/log/journal but selinux prohibits it. I think it's because such permission change isn't to a directory, but rather a mount point which would affect the permissions of the subvolume.
> 
> So this could very well be user error, and instead I need to make the subvolume permissions and ownership correct, and not expect that systemd can or should do this. But I figure it's better to ask.
> 
> AVC denial when systemd-journald set to write to separate btrfs subvolume 
> https://bugzilla.redhat.com/show_bug.cgi?id=1056309

Ultimately there's little what we can do upstream about the SELinux
policy. THe SELinux policy needs to be upadted in the SELinux packages,
so filing the bug against the package was the right thing to do.

Thanks,

Lennart

-- 
Lennart Poettering, Red Hat