Thanks very much. Adding bind path did not help. I found that if I run rsyslog from command-line as unconfined_t, it works well. It is just the extra systemd locks which fail I have since written a simple systemd unit file to make rsyslog work and it has started working
# /etc/systemd/system/user-rsyslog.service [Unit] Description=Simple Rsyslog service After=network.target auditd.service [Service] Type=simple ExecStart=pkill -9 -f rsyslogd;/usr/sbin/rsyslogd -n -iNONE [Install] WantedBy=multi-user.target On Wed, Nov 8, 2023 at 4:47 PM Sven Joachim <svenj...@gmx.de> wrote: > On 2023-11-08 08:26 +0000, Bhasker C V wrote: > > > I moved my syslog to a different location '/tmp/server.log' > > A rather strange decision, since /tmp is usually pruned on reboot. > > > This was working all fine until I moved to selinux in enforcing mode. > > > > I have tried putting selinux in permissive state and that too did not > help > > Most likely your problem has nothing to do with selinux, but is rather > due to the hardening features implemented in rsyslog 8.2310.0-1. Among > other things, rsyslogd now gets its own /tmp directory (PrivateTmp=yes > in rsyslog.service) which is not shared with other processes. > > > Please could someone help ? Or if there is a procedure to move syslog > file > > /var/log/syslog to a different location, I am happy to follow ... > > If you insist on moving it to /tmp, one possibility is to use a bind > mount for /tmp/server.log. Run "systemctl edit rsyslog.service" and put > the following two lines in the file: > > [Service] > BindPaths=-/tmp/server.log > > You may also need a tmpfiles.d(5) snippet to create /tmp/server.log on > reboot if it does not exist. > > Good luck, > Sven > >
