From af6492717761236f9f382afd222195f29f1f89f2 Mon Sep 17 00:00:00 2001
From: Christian Boltz <cboltz@opensuse.org>
Date: Apr 14 2024 14:08:58 +0000
Subject: Merge branch 'crameleon/mtail-facl' into 'production'


Configure ACL on syslog fifo for mtail

See merge request infra/salt!1699
---

diff --git a/salt/profile/log/mtail.sls b/salt/profile/log/mtail.sls
index 2dbfb53..135a567 100644
--- a/salt/profile/log/mtail.sls
+++ b/salt/profile/log/mtail.sls
@@ -9,3 +9,9 @@ include:
     - watch_in:
         - service: mtail
         - service: rsyslog
+  acl.present:
+    - acl_type: user
+    - acl_name: mtail
+    - perms: r
+    - require:
+        - file: /var/log/syslog
diff --git a/test/setup/role/mailserver b/test/setup/role/mailserver
new file mode 100755
index 0000000..f5031ba
--- /dev/null
+++ b/test/setup/role/mailserver
@@ -0,0 +1,4 @@
+#!/bin/sh -eu
+
+# acl.present fails in test mode if target does not yet exist
+mkfifo /var/log/syslog