logrotate problems, again.

Gene Heskett gene.heskett at verizon.net
Sun Oct 26 08:43:00 UTC 2008


Greetings;

Like most who run fetchmail, I have cobbled up a script for logrotate to 
maintain the logs.

Unforch, every time I think I have it running correctly for about a month, 
then selinux has to get into the act.  From an email I got this morning:
------
/etc/cron.daily/logrotate:

system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/fetchmail.log of '/var/log/fetchmail.log '
--------

So I assume it's failed again.
-------------------
[root@coyote ~]# ls -l --lcontext /var/log/fetchmail.*
-rw------- 1 system_u:object_r:var_log_t:s0   gene gene        0 2008-10-26 03:13 /var/log/fetchmail.log
-rw-r--r-- 1 system_u:object_r:var_log_t:s0   gene gene 80343007 2008-09-28 06:13 /var/log/fetchmail.log-20080928
-rw------- 1 system_u:object_r:var_log_t:s0   gene gene   202387 2008-10-05 05:09 /var/log/fetchmail.log-20081005.gz
-rw------- 1 system_u:object_r:var_log_t:s0   gene gene   197849 2008-10-12 05:09 /var/log/fetchmail.log-20081012.gz
-rw------- 1 system_u:object_r:var_log_t:s0   gene gene   196517 2008-10-19 05:09 /var/log/fetchmail.log-20081019.gz
-rw------- 1 system_u:object_r:var_log_t:s0   gene gene  3298789 2008-10-26 03:13 /var/log/fetchmail.log-20081026
--------------------

And I haven't fixed anything.  And as can be seen from the size, it did fail.

Here is that stanza of logrotate's input 'mail' script:
---------------------------------
# Logrotate file for fetchmail.log and procmail.log
 
/var/log/fetchmail.log {
	missingok
	compress
	notifempty
	weekly
	rotate 5
	create 0600 gene gene
        postrotate
               /usr/bin/killall fetchmail
		sleep 1
========
# It appears that the non-logged in syntax is incorrect, so it did not restart 
# fetchmail, causing the email above.
		runcon -t unconfined_t -- runuser -l -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" gene

# So the above line has been commented, and this line substituted, which 
# worked to restart fetchmail right now.

su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"

# Which explains the email message from anacron, but this still leaves the 
# question as to why the log was NOT rotated.  It was not.  Next question:
# Does anacron have rights to su to gene?

========
        endscript
}
/var/log/procmail.log {
        missingok
        compress
        notifempty
        weekly
        rotate 5
        create 0600 gene gene
}
-----------------------------

It's a bit confusing to me because the syntax I must use when I launch 
fetchmail from rc.local, where no one is logged in yet during the bootup, is 
different from the syntax I have to use when I'm logged in, usually as root.  
And here, since it runs 24/7, there is me logged in.

What is the permanent cure for this problem please?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Where does it go when you flush?



