Each and every day I get the following email:
error: error switching euid to 116 and egid to 121: Operation not permitted
run-parts: /etc/cron.daily/logrotate exited with return code 1
This happens because of the "su puppetdb puppetdb" line in puppetdb's logrotate configuration, which in turn triggers the following SELinux policy rule:
root@zarquon:~# sesearch -t logrotate_t -s logrotate_t --dontaudit
Found 1 semantic av rules:
dontaudit logrotate_t logrotate_t : capability
As a workaround, I could change the SELinux policy, but I'm reluctant to do that, as this is a rule that is explicitly denied.