Bug 169006 - Syslogd not able to write to ext3 Logical Volume. Get sync error
Syslogd not able to write to ext3 Logical Volume. Get sync error
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: sysklogd (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2005-09-21 21:31 EDT by Phillip Short
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-22 13:50:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Phillip Short 2005-09-21 21:31:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050729 Fedora/1.0.6-3.EL (CK-IBM) Firefox/1.0.6

Description of problem:
A new logical volume was created and mounted as /var/log.  Prior to this syslog was able to write logs to the /var filesystem which is a logical volume on the same physical volume as the /var/log lv. Syslogd is stopped and the new lv mounted . After syslogd is restarted no logs are created.  Running strace on the syslogd           daemon shows the following errors.

writev(1, [{"Sep 21 16:48:00", 15}, {" ", 1}, {"", 12}, {" ", 1}, {"Sep 21 2005 16:53:09 inpix01 : %"..., 184}, {"\r\n", 2}], 6) = 215
fsync(1)                                = -1 EINVAL (Invalid argument)

Version-Release number of selected component (if applicable):
sysklogd-1.4.1-26_EL and lvm2-2.01.08-1.0.RHEL4

How reproducible:

Steps to Reproduce:
1.stop syslogd
2.mount new lv
3.start syslogd


Actual Results:  No logs created

Expected Results:  Logs being written to files in /var/log

Additional info:

I created another lv on the same server and had the same problem
Comment 1 Phillip Short 2005-09-22 08:23:26 EDT
I tried copying all the files on /var to the filesystem I used as /var/log and
mounted it as /var.  I then ran strace on syslogd and saw the following problem.
I confirmed that root could create the file from the commandline and that the
syslogd process was running as root. Please Note that this issue was raised as a
Security bug as without logging we cannot fullfill our security conditions.

set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ff5aa0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
munmap(0xb7ff6000, 38344)               = 0
getpid()                                = 3366
chdir("/")                              = 0
brk(0)                                  = 0x9366000
brk(0x9387000)                          = 0x9387000
open("/var/run/syslogd.pid", O_RDONLY)  = -1 EACCES (Permission denied)
rt_sigaction(SIGTERM, {0xc28238, [TERM], SA_RESTORER|SA_RESTART, 0x9fb8c8},
{SIG_DFL}, 8) = 0
Comment 2 Jason Vas Dias 2005-09-22 13:50:53 EDT
You have SELinux in Enforcing mode, no ?

If NOT, then you did not copy /var/log with 'cp -rfp...' / 'tar -cp...' to
preserve access modes - doing so should fix the problem:
  # ( cd /var; tar -cpf - . ) | ( cd /new_var; tar -xpf - ) 

If so - SELinux is enabled in Enforcing mode - then, with your new /var 
filesystem mounted, you need to do, as root:
  # setenforce 0
  # restorecon -R /var
  # setenforce 1 

Note You need to log in before you can comment on or make changes to this bug.