Log rotation not working in Centos 7.2

Linux and Unix-Like Red Hat
1

All,

I am facing an issue as log rotation not working for me as expected for tomcat in centos 7.2. I configured log rotation command in crontab

*/5 * * * * root /usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1

I am trying to rotate below tomcat logs owned by application userID.
/usr/local/tomcat/logs

ls -ltr catalina*
-rw-r-----. 1 appid appgrp       8910 Jun 17 19:28 catalina.2016-06-17.log
-rw-r-----. 1 appid appgrp     104739 Jun 20 17:28 catalina.2016-06-20.log
-rw-r-----. 1 appid appgrp      26051 Jul  1 17:00 catalina.2016-07-01.log
-rw-r-----. 1 appid appgrp      39238 Jul 20 20:34 catalina.2016-07-20.log
-rw-r-----. 1 appid appgrp 6141522000 Aug  4 19:05 catalina.out

if you see above files it's a 6GB of catalina.out where it should get rotated at 10M itself which didn't happen.

CentOS Linux release 7.2.1511 (Core)

/usr/local/tomcat/logs/catalina.out
{
    rotate 25
    size 10M
    missingok
    start 0
    nodateext
    notifempty
    compress
    delaycompress
    copytruncate
    create 744 crtc crtc
    sharedscripts
    postrotate
    endscript
}

I checked audit logs and found below error message

type=AVC msg=audit(1470324541.165:210294): avc:  denied  { create } for  pid=11644 comm="logrotate" name="catalina.out.0" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
        Was caused by:
                Unknown - would be allowed by active policy
                Possible mismatch between this policy and the one under which the audit message was generated.

                Possible mismatch between current in-memory boolean settings vs. permanent ones.


type=AVC msg=audit(1470325921.157:98): avc:  denied  { write } for  pid=2790 comm="logrotate" name="catalina.out.0" dev="vda1" ino=658223 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
        Was caused by:
                Unknown - would be allowed by active policy
                Possible mismatch between this policy and the one under which the audit message was generated.

                Possible mismatch between current in-memory boolean settings vs. permanent ones.

I tried to create a logrotate_t.pp file still no luck. It's working only when I put selinux in permissive mode it's working

# getenforce
Permissive

Is there any alternate work around to deal this issue as I don't want to keep selinux in permissive mode.

Thanks in advance.
Shekar