logrotate problems, again.
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 27 19:18:31 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gene Heskett wrote:
> Greetings;
>
> Like most who run fetchmail, I have cobbled up a script for logrotate to
> maintain the logs.
>
> Unforch, every time I think I have it running correctly for about a month,
> then selinux has to get into the act. From an email I got this morning:
> ------
> /etc/cron.daily/logrotate:
>
> system_u:system_r:unconfined_t:s0 is not a valid context
> error: error running non-shared postrotate script for /var/log/fetchmail.log
> of '/var/log/fetchmail.log '
> --------
>
> So I assume its failed again.
> -------------------
> [root at coyote ~]# ls -l --lcontext /var/log/fetchmail.*
> -rw------- 1 system_u:object_r:var_log_t:s0 gene gene 0 2008-10-26
> 03:13 /var/log/fetchmail.log
> -rw-r--r-- 1 system_u:object_r:var_log_t:s0 gene gene 80343007 2008-09-28
> 06:13 /var/log/fetchmail.log-20080928
> -rw------- 1 system_u:object_r:var_log_t:s0 gene gene 202387 2008-10-05
> 05:09 /var/log/fetchmail.log-20081005.gz
> -rw------- 1 system_u:object_r:var_log_t:s0 gene gene 197849 2008-10-12
> 05:09 /var/log/fetchmail.log-20081012.gz
> -rw------- 1 system_u:object_r:var_log_t:s0 gene gene 196517 2008-10-19
> 05:09 /var/log/fetchmail.log-20081019.gz
> -rw------- 1 system_u:object_r:var_log_t:s0 gene gene 3298789 2008-10-26
> 03:13 /var/log/fetchmail.log-20081026
> --------------------
>
> And I haven't fixed anything. And as can be seen from the size, it did fail.
>
> Here is that stanza of logrotate's input 'mail' script:
> ---------------------------------
> # Logrotate file for fetchmail.log and procmail.log
>
> /var/log/fetchmail.log {
> missingok
> compress
> notifempty
> weekly
> rotate 5
> create 0600 gene gene
> postrotate
> /usr/bin/killall fetchmail
> sleep 1
> ========
> # It appears that the non-logged in syntax is incorrect, so it did not restart
> # fetchmail, causing the email above.
> runcon -t unconfined_t -- runuser -l -c "fetchmail -d
> 90 --fetchmailrc /home/gene/.fetchmailrc" gene
>
This command is asking the system to run a process as
system_u:system_r:unconfined_t which is not valid on F9 or Rawhide.
And this is probably not something you want to do.
> # So the above line has been commented, and this line substituted, which
> # worked to restart fetchmail right now.
>
> su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"
>
> # Which explains the email message from anacron, but this still leaves the
> # question as to why the log was NOT rotated. It was not. Next question:
> # Does anacron have rights to su to gene?
>
> ========
> endscript
> }
> /var/log/procmail.log {
> missingok
> compress
> notifempty
> weekly
> rotate 5
> create 0600 gene gene
> }
> -----------------------------
>
> Its a bit confusing to me because the syntax I must use when I launch
> fetchmail from rc.local, where no one is logged in yet during the bootup, is
> different from the syntax I have to use when I'm logged in, usually as root.
> And here, since it runs 24/7, there is me logged in.
>
> What is the permanent cure for this problem please?
>
> Thanks.
>
I am not sure why logrotate could not rotate the log file.
Is the script trying to run fetchmail as the user gene? What AVC are
you seeing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkGFAcACgkQrlYvE4MpobPrlACg2deOqAPyGnXHxlZCp67GgJhq
N0UAn2HXxw85mT5MPlhekOg8PkQRMb4J
=vtX/
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list