Bug 1149350 - Odd placement and no rotation of hawkey.log
Summary: Odd placement and no rotation of hawkey.log
Alias: None
Product: Fedora
Classification: Fedora
Component: hawkey
Version: 21
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Honza Silhan
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Depends On:
Blocks: 1175434
TreeView+ depends on / blocked
Reported: 2014-10-03 19:49 UTC by Göran Uddeborg
Modified: 2014-12-26 22:03 UTC (History)
6 users (show)

Clone Of:
: 1175434 (view as bug list)
Last Closed: 2014-12-13 09:53:34 UTC

Attachments (Terms of Use)

Description Göran Uddeborg 2014-10-03 19:49:12 UTC
Bug 1148627 brought my attention to the file /var/cache/dnf/…/hawkey.log.  I have two questions:
1. Is there any particular reason this log isn't placed in /var/log like all other logs.  It would be much easier to find there.
2. Is this log not meant to be rotated/cleaned in any way?  On my system it is currently well over 100MB, and seems to reach back almost a year.  What about adding a /etc/logrotate.d/hawkey to rotate this at some convenient interval?

Comment 1 Honza Silhan 2014-10-06 17:11:13 UTC
Hi Goran, good point, but this log is a bit tricky. "hawkey.log" is in sack's cache dir for each sack so the data are not merged from multiple sources. The depsolving output from libsolv should not be mixed by other proceses (PackageKit) to get valid debug info. The other usecase is when dnf developers ask users to compress and upload metadata cache dir we'll also get this log so we can see if sack was properly loaded.

Comment 2 Honza Silhan 2014-10-08 20:09:16 UTC
Log file added to dnf logrotate script

Comment 3 Fedora Update System 2014-12-09 14:06:28 UTC
dnf-0.6.3-2.fc21,dnf-plugins-core-0.1.4-1.fc21,hawkey-0.5.2-1.fc21 has been submitted as an update for Fedora 21.

Comment 4 Fedora Update System 2014-12-12 04:32:33 UTC
Package dnf-0.6.3-2.fc21, hawkey-0.5.2-1.fc21, dnf-plugins-core-0.1.4-1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dnf-0.6.3-2.fc21 hawkey-0.5.2-1.fc21 dnf-plugins-core-0.1.4-1.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2014-12-13 09:53:34 UTC
dnf-0.6.3-2.fc21, hawkey-0.5.2-1.fc21, dnf-plugins-core-0.1.4-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Christophe Fergeau 2014-12-18 13:35:23 UTC
This causes selinux alerts on my system:

Additional Information:
Source Context                system_u:system_r:logrotate_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:rpm_var_cache_t:s0
Target Objects                /var/cache/dnf [ dir ]
Source                        logrotate
Source Path                   /usr/sbin/logrotate
Port                          <Unknown>
Host                          edamame.cdg.redhat.com
Source RPM Packages           logrotate-3.8.7-4.fc21.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-99.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     edamame.cdg.redhat.com
Platform                      Linux edamame.cdg.redhat.com
                              3.17.6-300.fc21.x86_64 #1 SMP Mon Dec 8 22:29:32
                              UTC 2014 x86_64 x86_64
Alert Count                   4
First Seen                    2014-12-15 11:29:01 CET
Last Seen                     2014-12-18 03:07:01 CET
Local ID                      08461e48-944d-4368-a9ed-3c4a590526d8

Raw Audit Messages
type=AVC msg=audit(1418868421.889:1592): avc:  denied  { read } for  pid=30264 comm="logrotate" name="dnf" dev="dm-2" ino=1191052 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_cache_t:s0 tclass=dir permissive=0

type=SYSCALL msg=audit(1418868421.889:1592): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=7fff17251b30 a2=90800 a3=0 items=0 ppid=30262 pid=30264 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=142 comm=logrotate exe=/usr/sbin/logrotate subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

Hash: logrotate,logrotate_t,rpm_var_cache_t,dir,read

Comment 7 Göran Uddeborg 2014-12-18 20:46:40 UTC
Yes, I also got this AVC.  And I plan to report that too.  But even after locally creating an SELinux module to allow that access, the log still doesn't get rotated.  I'm trying to figure out why, before I make more reports.

Comment 8 Göran Uddeborg 2014-12-26 22:03:54 UTC
The AVC was reported, by Ankur Sinha, not me, in bug 1163438.  The confusion I had about the log still not being rotated I believe is because of a mistake in the logrotate configuration for dnf.  It applies to all logs dnf rotates, and I've filed a separate bug 1177394 about that.

Note You need to log in before you can comment on or make changes to this bug.