From db7dfa77ec3dc8908f3adb94eea121325e8ecda6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 18 Sep 2013 16:05:42 +0200 Subject: [PATCH 27/29] qga: move logfiles to new directory for easier SELinux labeling (RHEL only) RH-Author: Laszlo Ersek Message-id: <1379520342-23063-1-git-send-email-lersek@redhat.com> Patchwork-id: 54449 O-Subject: [RHEL-7 qemu-kvm PATCH] qga: move logfiles to new directory for easier SELinux labeling (RHEL only) Bugzilla: 1009491 RH-Acked-by: Markus Armbruster RH-Acked-by: Miroslav Rezanina RH-Acked-by: Paolo Bonzini Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1009491 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6300016 Tested by me (with manual labeling for now). While discussing RHEL-6 selinux-policy bug 964345 ("SELinux policy prevents qemu guest agent from running main fsfreeze hook script, and from creating random files"), SELinux developers suggested that the normal qga logfile, and the fsfreeze hook logfile (which is new in RHEL-6.5) be moved to a dedicated directory for easier SELinux labeling. In RHEL-7 (selinux-policy bug: 1005890) only the fsfreeze hook log exists as a separate file; the normal qga log is part of the system journal. RHEL-7 only patch. Signed-off-by: Laszlo Ersek --- redhat/qemu-kvm.spec.template | 4 ++++ scripts/qemu-guest-agent/fsfreeze-hook | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) Signed-off-by: Miroslav Rezanina --- redhat/qemu-kvm.spec.template | 4 ++++ scripts/qemu-guest-agent/fsfreeze-hook | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/scripts/qemu-guest-agent/fsfreeze-hook b/scripts/qemu-guest-agent/fsfreeze-hook index 45514fa..dba51c4 100755 --- a/scripts/qemu-guest-agent/fsfreeze-hook +++ b/scripts/qemu-guest-agent/fsfreeze-hook @@ -7,7 +7,7 @@ # "freeze" argument before the filesystem is frozen. And for fsfreeze-thaw # request, it is issued with "thaw" argument after filesystem is thawed. -LOGFILE=/var/log/qemu-ga.fsfreeze-hook.log +LOGFILE=/var/log/qemu-ga/fsfreeze-hook.log # Check whether file $1 is a backup or rpm-generated file and should be ignored is_ignored_file() { -- 1.7.1