Bug 2369650
| Summary: | Call `systemctl reload` in logrotate postrotate script | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marcos Mello <marcosfrm> |
| Component: | syslog-ng | Assignee: | Peter Czanik <peter> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 42 | CC: | mrunge, peter |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | syslog-ng-4.8.2-3.fc43 syslog-ng-4.8.2-5.fc42 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-06-19 01:58:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Marcos Mello
2025-06-01 19:38:20 UTC
rsyslog also uses `systemctl reload`: https://src.fedoraproject.org/rpms/rsyslog/blob/rawhide/f/rsyslog.log My unofficial syslog-ng packages had this logrotate at least for the past five years. It also adds "missingok":
```
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true
endscript
}
```
Would it be OK?
(In reply to Peter Czanik from comment #2) > My unofficial syslog-ng packages had this logrotate at least for the past > five years. It also adds "missingok": > > ``` > /var/log/cron > /var/log/maillog > /var/log/messages > /var/log/secure > /var/log/spooler > { > missingok > sharedscripts > postrotate > /usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true > endscript > } > ``` > Would it be OK? Unfortunately, no, because the SELinux policy does not allow it. This is being addressed in this bug: https://bugzilla.redhat.com/show_bug.cgi?id=2369644 Only `systemctl reload` is allowed, which, in the case of syslog-ng.service, works since the signal to reopen the logs is the same as the one used for reloading. On a related note, `--kill-who=main` is generally recommended in `systemctl kill` calls within postrotate scripts, as it avoids signaling all processes in the service's cgroup, in case the daemon manages child processes on its own. If this behavior of signaling only the main process is important during the termination of the service, consider adding `KillMode=mixed` in the `[Service]` section of the service unit file (more information in the systemd.kill(5) man page). FEDORA-2025-e14f3483e3 (syslog-ng-4.8.2-3.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-e14f3483e3 FEDORA-2025-e14f3483e3 (syslog-ng-4.8.2-3.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2025-580a8fefe4 (syslog-ng-4.8.2-3.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-580a8fefe4 /bin/systemctl reload syslog-ng.service 2> /dev/null` 2> /dev/null || true is invalid shell syntax: line 1: unexpected EOF while looking for matching ``' FEDORA-2025-580a8fefe4 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-580a8fefe4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-580a8fefe4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. Please reopen. In fact, you can simplify and remove those shell redirections with the try-reload-or-restart verb, which will print nothing and return zero if the service is not running: /bin/systemctl try-reload-or-restart syslog-ng.service It's supported since systemd 229, quite old. Thanks for spotting this. We had a long weekend (Whit Monday is a public holiday), but updating the packages now. FEDORA-2025-4511874820 (syslog-ng-4.8.2-5.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-4511874820 FEDORA-2025-4511874820 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4511874820` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4511874820 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2025-4511874820 (syslog-ng-4.8.2-5.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report. |