按照日志文件中指定的有关运行 sealert 的说明进行操作。例如:
sealert -l 9eb4cb40-9d2b-4428-980f-c4e46606aec1
输出类似于以下内容:
[root@testserver16 ~]# sealert -l 9eb4cb40-9d2b-4428-980f-c4e46606aec1
SELinux is preventing logrotate from read access on the directory /var/opt/fma/fm/fmd.
***** Plugin catchall_labels (83.8 confidence) suggests ********************
If you want to allow logrotate to have read access on the fmd directory
Then you need to change the label on /var/opt/fma/fm/fmd
Do
# semanage fcontext -a -t FILE_TYPE '/var/opt/fma/fm/fmd'
where FILE_TYPE is one of the following: abrt_var_cache_t, var_lib_t, configfile, domain,
var_log_t, var_run_t, cert_type, configfile, net_conf_t, inotifyfs_t, logrotate_t,
sysctl_kernel_t, mailman_log_t, sysctl_crypto_t, admin_home_t, varnishlog_log_t,
openshift_var_lib_t, user_home_dir_t, var_lock_t, bin_t, device_t, devpts_t, locale_t,
etc_t, tmp_t, usr_t, proc_t, abrt_t, device_t, lib_t, logrotate_var_lib_t, root_t,
etc_t, usr_t, sssd_public_t, sysfs_t, httpd_config_t, logrotate_tmp_t, logfile,
pidfile, named_cache_t, munin_etc_t, mysqld_etc_t, acct_data_t, security_t, var_spool_t,
nscd_var_run_t, sysctl_kernel_t, nfs_t.
Then execute:
restorecon -v '/var/opt/fma/fm/fmd'
***** Plugin catchall (17.1 confidence) suggests ***************************
If you believe that logrotate should be allowed read access on the fmd directory by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep logrotate /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp