Bug 2078490
| Summary: | akmods logrotate configuration produces error | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | copr |
| Component: | akmods | Assignee: | Nicolas Chauvet (kwizart) <kwizart> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 36 | CC: | hdegoede, hobbes1069, kwizart, leigh123linux, negativo17, nicolas.vieville, travier |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | akmods-0.5.7-8.fc37 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-04 08:16:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hello,
Thanks for reporting this issue.
As a temporary workaround and if you don't mind, could you please try
to edit (as root) the /etc/logrotate.d/akmods.conf file, and add one
line containing the su directive as shown above:
/var/log/akmods/akmods.log {
monthly
rotate 12
missingok
notifempty
create 644 root root
su root akmods
}
Any feedback about this proposed modification would be welcome.
Cordially,
--
NVieville
Hi,
I can confirm the modification works.
However I am not sure it is the correct solution as no other files on my system use the su directive even when they have different groups, e.g.:
$ stat /var/log/chrony/
File: /var/log/chrony/
Size: 0 Blocks: 0 IO Block: 4096 directory
Device: 0,35 Inode: 158422 Links: 1
Access: (0750/drwxr-x---) Uid: ( 986/ chrony) Gid: ( 982/ chrony)
Context: system_u:object_r:chronyd_var_log_t:s0
$ cat /etc/logrotate.d/chrony
/var/log/chrony/*.log {
missingok
nocreate
sharedscripts
postrotate
/usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript
}
I'm not familiar enough with logrotate to know why it is not an issue for them.
Thanks,
nota
P.S. the file name akmods.conf also does not seem to follow the convention of the other packages, which use no suffix
FEDORA-2022-cb6b6b6ec2 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-cb6b6b6ec2 FEDORA-2022-cb6b6b6ec2 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. |
Description of problem: Version-Release number of selected component (if applicable): 0.5.7 How reproducible: Unknown, reliably on my machine Steps to Reproduce: 1. (possibly) upgrade from f35 2. Have akmods installed 3. Wait for logrotate Actual results: systemd[1]: Starting logrotate.service - Rotate log files... logrotate[366741]: error: skipping "/var/log/akmods/akmods.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE Expected results: Logrotate does not fail Additional info: $ stat /var/log/akmods/ File: /var/log/akmods/ Size: 20 Blocks: 0 IO Block: 4096 directory Device: 0,35 Inode: 9525134 Links: 1 Access: (0775/drwxrwxr-x) Uid: ( 0/ root) Gid: ( 970/ akmods) Context: system_u:object_r:var_log_t:s0 $ cat /etc/logrotate.d/akmods.conf /var/log/akmods/akmods.log { monthly rotate 12 missingok notifempty create 644 root root }