Bug 2372808

Summary: Use `systemctl kill` in logrotate postrotate script
Product: [Fedora] Fedora Reporter: Marcos Mello <marcosfrm>
Component: cyrus-imapdAssignee: Martin Osvald 🛹 <mosvald>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 42CC: fhrdina, jorton, j, mosvald, pavel, zdohnal
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcos Mello 2025-06-13 21:58:43 UTC 
`systemctl kill` leverages systemd's knowledge of the daemon's main PID, eliminating the need to rely on PID files or external tools like `killall` or `pkill`. This ensures precise signal sending to the intended process, reducing the risk of errors in process identification. Additionally, using `systemctl kill` logs the signal sending in the service's journal, providing a record of actions taken. Requires selinux-policy-41.43 or higher (see https://bugzilla.redhat.com/show_bug.cgi?id=2369644), available as an update for F41, F42, and Rawhide.

https://bodhi.fedoraproject.org/updates/FEDORA-2025-eb98eb9e24 (F41 -- will go to stable in a few days)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-f9f097f491 (F42 -- stable)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3db4c0ec1c (Rawhide)

The logrotate configuration snippet:

# cat /etc/logrotate.d/cyrus-imapd
/var/log/imapd.log /var/log/auth.log {
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

In the postrotate script, kill can be replaced by:

/usr/bin/systemctl kill --signal=HUP --kill-whom=main rsyslog.service 2>/dev/null || true

Because:

# systemctl show -P MainPID rsyslog.service
2440
# cat /var/run/rsyslogd.pid
2440

HAProxy does something similar, but it signals rsyslog and syslog-ng. I'm not sure if it's applicable here. See: https://bugzilla.redhat.com/show_bug.cgi?id=2372782.

Reproducible: Always




Additional Information:
cyrus-imapd-3.8.3-10.fc42.x86_64