When logrotate creates a new /var/log/messages is gets the wrong selinux context ie:

[root@hostname log]# ls -Z messages
-rw------- root root system_ubject_r:file_t:s0 messages
[root@hostname log]# ls -Z messages.1
-rw------- root root system_ubject_r:var_log_t:s0 messages.1

The same is true for other log files (maillog,secure,spooler)

logrotate version: logrotate-3.7.4-8

This behaviour prevents these logs being written when selinux is enabled.

I could potentially use restorecond or a cron job to fix them, but it doesn't seem like the right thing to do.

Steven

Was anything changed in the way logrotate runs?
Was anything changed in /etc/logrotate.d/syslog?
What does 'grep g/messages /etc/selinux/targeted/modules/active/file_contexts' return? I have one entry showing context "var_log_t".

Thank you for the reply so for being late in replying. The full story is that this machine belongs to a customer of whose previous system administrator has done some things in an attempt to harden the machine. The customer is now asking me to help Put things straight. Still it's a bit of a pain because I have to arrange access before hand.

The answers to your questions are:

Was anything changed in the way logrotate runs? Possibly.

Was anything changed in /etc/logrotate.d/syslog? Doesn't look like it.

[root@hostname etc]# grep g/messages /etc/selinux/targeted/modules/active/file_contexts
/var/log/messages[^/]* system_ubject_r:var_log_t:s0

So I am still a bit lost as to why the context is wrong.

interestingly touch messages creates a file with this context:
-rw-r--r-- root root user_ubject_r:var_log_t:s0 messages


I would be grateful for any more thoughts.

Thanks

Steven

Try

restorecon -vvF /var/log/messages