Hi,
I'm getting log file entries about ejabberd not being able to remove
files that were uploaded by client through the file upload facility of
XMPP. With the help of audit2allow, I have already created and
installed some selinux modules to solve such issues, and still files
can't be expired.
So I used
grep '/srv/data/ejabberd' /var/log/audit/audit.log | audit2allow -w
to find out what might cause this, and the answer is:
type=AVC msg=audit(1606302910.314:2905): avc: denied { open } for
pid=18687 comm="8_dirty_io_sche" path="/srv/data/ejabberd/[...]"
dev="md100" ino=166 scontext=system_u:system_r:ejabberd_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one under
which the audit message was generated.
Possible mismatch between current in-memory boolean
settings vs. permanent ones.
I have reloaded the policies with 'semodule -R', and that didn't change
anything. The files in question seem to have the correct attributes like:
ls -laZ /srv/data/ejabberd/[...]
-rw-r--r--. 1 ejabberd ejabberd system_u:object_r:var_t:s0 1384362 Nov
25 12:15 /srv/data/ejabberd/[...]
Ejabberd is supposed to expire files when they are older than desired,
and selinux prevents it. How can I solve this problem other than by
disabling selinux or by deleting the files manually?