Bug 2078490

Summary: akmods logrotate configuration produces error
Product: [Fedora] Fedora Reporter: copr
Component: akmodsAssignee: Nicolas Chauvet (kwizart) <kwizart>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 36CC: hdegoede, hobbes1069, kwizart, leigh123linux, negativo17, nicolas.vieville, travier
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: akmods-0.5.7-8.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-04 08:16:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description copr 2022-04-25 13:09:44 UTC
Description of problem:

Version-Release number of selected component (if applicable): 0.5.7

How reproducible: Unknown, reliably on my machine

Steps to Reproduce:
1. (possibly) upgrade from f35
2. Have akmods installed
3. Wait for logrotate

Actual results:

    systemd[1]: Starting logrotate.service - Rotate log files...
    logrotate[366741]: error: skipping "/var/log/akmods/akmods.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE

Expected results: Logrotate does not fail

Additional info:

$ stat /var/log/akmods/
  File: /var/log/akmods/
  Size: 20        	Blocks: 0          IO Block: 4096   directory
Device: 0,35	Inode: 9525134     Links: 1
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (  970/  akmods)
Context: system_u:object_r:var_log_t:s0

$ cat /etc/logrotate.d/akmods.conf 
/var/log/akmods/akmods.log {
    rotate 12
    create 644 root root

Comment 1 nicolas.vieville 2022-04-25 13:55:42 UTC

Thanks for reporting this issue.

As a temporary workaround and if you don't mind, could you please try 
to edit (as root) the /etc/logrotate.d/akmods.conf file, and add one 
line containing the su directive as shown above:

/var/log/akmods/akmods.log {
    rotate 12
    create 644 root root
    su root akmods

Any feedback about this proposed modification would be welcome.



Comment 2 copr 2022-04-25 19:24:31 UTC

I can confirm the modification works.

However I am not sure it is the correct solution as no other files on my system use the su directive even when they have different groups, e.g.:

$ stat /var/log/chrony/
  File: /var/log/chrony/
  Size: 0         	Blocks: 0          IO Block: 4096   directory
Device: 0,35	Inode: 158422      Links: 1
Access: (0750/drwxr-x---)  Uid: (  986/  chrony)   Gid: (  982/  chrony)
Context: system_u:object_r:chronyd_var_log_t:s0

$ cat /etc/logrotate.d/chrony
/var/log/chrony/*.log {
        /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true

I'm not familiar enough with logrotate to know why it is not an issue for them.



P.S. the file name akmods.conf also does not seem to follow the convention of the other packages, which use no suffix

Comment 3 Fedora Update System 2022-05-04 08:14:44 UTC
FEDORA-2022-cb6b6b6ec2 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-cb6b6b6ec2

Comment 4 Fedora Update System 2022-05-04 08:16:10 UTC
FEDORA-2022-cb6b6b6ec2 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.