Blob Blame Raw
From db7dfa77ec3dc8908f3adb94eea121325e8ecda6 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 18 Sep 2013 16:05:42 +0200
Subject: [PATCH 27/29] qga: move logfiles to new directory for easier SELinux labeling (RHEL only)

RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <1379520342-23063-1-git-send-email-lersek@redhat.com>
Patchwork-id: 54449
O-Subject: [RHEL-7 qemu-kvm PATCH] qga: move logfiles to new directory for easier SELinux labeling (RHEL only)
Bugzilla: 1009491
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1009491
Brew:     https://brewweb.devel.redhat.com/taskinfo?taskID=6300016

Tested by me (with manual labeling for now).

While discussing RHEL-6 selinux-policy bug 964345 ("SELinux policy
prevents qemu guest agent from running main fsfreeze hook script, and from
creating random files"), SELinux developers suggested that the normal qga
logfile, and the fsfreeze hook logfile (which is new in RHEL-6.5) be moved
to a dedicated directory for easier SELinux labeling.

In RHEL-7 (selinux-policy bug: 1005890) only the fsfreeze hook log exists
as a separate file; the normal qga log is part of the system journal.

RHEL-7 only patch.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 redhat/qemu-kvm.spec.template          |    4 ++++
 scripts/qemu-guest-agent/fsfreeze-hook |    2 +-
 2 files changed, 5 insertions(+), 1 deletions(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 redhat/qemu-kvm.spec.template          |    4 ++++
 scripts/qemu-guest-agent/fsfreeze-hook |    2 +-
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/scripts/qemu-guest-agent/fsfreeze-hook b/scripts/qemu-guest-agent/fsfreeze-hook
index 45514fa..dba51c4 100755
--- a/scripts/qemu-guest-agent/fsfreeze-hook
+++ b/scripts/qemu-guest-agent/fsfreeze-hook
@@ -7,7 +7,7 @@
 # "freeze" argument before the filesystem is frozen. And for fsfreeze-thaw
 # request, it is issued with "thaw" argument after filesystem is thawed.
 
-LOGFILE=/var/log/qemu-ga.fsfreeze-hook.log
+LOGFILE=/var/log/qemu-ga/fsfreeze-hook.log
 
 # Check whether file $1 is a backup or rpm-generated file and should be ignored
 is_ignored_file() {
-- 
1.7.1