Description of problem:
  A container using the SELinux domain of container_logreader_t to watch container logs on the host at /var/log cannot access the logs from /var/log/containers, since those logs are symbolic links to /var/log/pods. All other log files in /var/log are accessible, just not the ones that are symlinks.
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Create symlinks in /var/log
2. Use container_logreader_t
3. Attempt to follow symlinks to watch attributes on files
Actual results:
Permission denied
Expected results:
No permission issues
Additional info:
- clones: OCPBUGS-48555 SELinux container_logreader_t cannot watch /var/log symlinks (Verified)
- is cloned by: OCPBUGS-54343 [4.17] SELinux container_logreader_t cannot watch /var/log symlinks (Closed)
- links to: RHBA-2025:3775 OpenShift Container Platform 4.18.z bug fix update