From 49a42c2dd60a10378ea3402ddb0b4b3b42c6e070 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Bouynot?= <felixbouynot@gmail.com>
Date: Fri, 22 Jul 2022 15:32:37 +0200
Subject: [PATCH] Change SELinux context for logs (#14128)

Change SELinux context for logs from httpd_sys_rw_content_t to httpd_log_t so logrotate is not blocked by SELinux with this blocking: `logrotate_t httpd_sys_rw_content_t:file open;`
---
 doc/Installation/Install-LibreNMS.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/Installation/Install-LibreNMS.md b/doc/Installation/Install-LibreNMS.md
index f1fa4b791c..a7b9d2d477 100644
--- a/doc/Installation/Install-LibreNMS.md
+++ b/doc/Installation/Install-LibreNMS.md
@@ -419,7 +419,8 @@ Feel free to tune the performance settings in librenms.conf to meet your needs.
 
     ```
     semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?'
-    semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?'
+    semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(rrd|storage)(/.*)?'
+    semanage fcontext -a -t httpd_log_t "/opt/librenms/logs(/.*)?"
     semanage fcontext -a -t bin_t '/opt/librenms/librenms-service.py'
     restorecon -RFvv /opt/librenms
     setsebool -P httpd_can_sendmail=1