From 0a1a9dab8f9a1101ef7338e2ea42f6b8355d0087 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 18 Feb 2020 12:55:15 -0500
Subject: [PATCH 147/154] fix: add logrotate policy
Fixes: rhbz 1754117
(cherry picked from commit bd17df59bc340c59fe0e9b864ac9a1fedafbdca0)
(cherry picked from commit 8832bed2cebdab86d09a83cb9a3599731445168d)
---
.gitignore | 1 +
config/Makefile.am | 18 +++++++++++++++++-
config/firewalld.logrotate.in | 7 +++++++
firewalld.spec | 1 +
4 files changed, 26 insertions(+), 1 deletion(-)
create mode 100644 config/firewalld.logrotate.in
diff --git a/.gitignore b/.gitignore
index 11e257f5f0b0..b312003f6fa5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
/config/firewall-config.appdata.xml
/config/firewall-config.desktop
/config/firewalld.service
+/config/firewalld.logrotate
/config/firewalld-sysctls.conf
/config/lockdown-whitelist.xml
/config/org.fedoraproject.FirewallConfig.gschema.valid
diff --git a/config/Makefile.am b/config/Makefile.am
index 0a3e228bff74..d16f87c9c092 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -35,6 +35,7 @@ BUILT_SOURCES = \
$(polkit1_action_DATA) \
$(gsettings_SCHEMAS) \
firewalld-sysctls.conf \
+ firewalld.logrotate \
firewalld.service
@INTLTOOL_DESKTOP_RULE@
@@ -44,7 +45,7 @@ BUILT_SOURCES = \
all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
-CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf
+CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate
DISTCLEANFILES = \
$(desktop_DATA) \
@@ -285,6 +286,7 @@ EXTRA_DIST = \
$(CONFIG_FILES) \
lockdown-whitelist.xml.in \
firewalld.init \
+ firewalld.logrotate.in \
firewalld-sysctls.conf.in \
firewalld.service.in \
firewalld.sysconfig \
@@ -296,6 +298,9 @@ UNINSTALL_TARGETS = uninstall-config
INSTALL_TARGETS += install-modprobe.d
UNINSTALL_TARGETS += uninstall-modprobe.d
+INSTALL_TARGETS += install-logrotate.d
+UNINSTALL_TARGETS += uninstall-logrotate.d
+
if USE_SYSTEMD
INSTALL_TARGETS += install-service
UNINSTALL_TARGETS += uninstall-service
@@ -328,6 +333,9 @@ firewalld.service: firewalld.service.in
firewalld-sysctls.conf: firewalld-sysctls.conf.in
$(edit) $< >$@
+firewalld.logrotate: firewalld.logrotate.in
+ $(edit) $< >$@
+
install-sysconfig:
$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
$(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld
@@ -368,6 +376,14 @@ uninstall-modprobe.d:
rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf
rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || :
+install-logrotate.d:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d
+ $(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld
+
+uninstall-logrotate.d:
+ rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld
+ rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || :
+
install-config:
$(MKDIR_P) $(DESTDIR)$(sconfdir)
$(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes
diff --git a/config/firewalld.logrotate.in b/config/firewalld.logrotate.in
new file mode 100644
index 000000000000..8dba63b765e6
--- /dev/null
+++ b/config/firewalld.logrotate.in
@@ -0,0 +1,7 @@
+@localstatedir@/log/firewalld {
+ weekly
+ missingok
+ rotate 4
+ copytruncate
+ minsize 1M
+}
diff --git a/firewalld.spec b/firewalld.spec
index 65e84849e2fc..cade59891cd7 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -243,6 +243,7 @@ fi
%{_mandir}/man1/firewalld*.1*
%{_mandir}/man5/firewall*.5*
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
+%{_sysconfdir}/logrotate.d/firewalld
%files -n python-firewall
%attr(0755,root,root) %dir %{python2_sitelib}/firewall
--
2.25.2