Bug 2078490 - akmods logrotate configuration produces error
Summary: akmods logrotate configuration produces error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: akmods
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nicolas Chauvet (kwizart)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-04-25 13:09 UTC by copr
Modified: 2022-05-04 08:16 UTC (History)
7 users (show)

Fixed In Version: akmods-0.5.7-8.fc37
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-04 08:16:10 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description copr 2022-04-25 13:09:44 UTC 
Description of problem:


Version-Release number of selected component (if applicable): 0.5.7


How reproducible: Unknown, reliably on my machine


Steps to Reproduce:
1. (possibly) upgrade from f35
2. Have akmods installed
3. Wait for logrotate

Actual results:

    systemd[1]: Starting logrotate.service - Rotate log files...
    logrotate[366741]: error: skipping "/var/log/akmods/akmods.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE


Expected results: Logrotate does not fail


Additional info:

$ stat /var/log/akmods/
  File: /var/log/akmods/
  Size: 20        	Blocks: 0          IO Block: 4096   directory
Device: 0,35	Inode: 9525134     Links: 1
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (  970/  akmods)
Context: system_u:object_r:var_log_t:s0

$ cat /etc/logrotate.d/akmods.conf 
/var/log/akmods/akmods.log {
    monthly
    rotate 12
    missingok
    notifempty
    create 644 root root
}
Comment 1 nicolas.vieville 2022-04-25 13:55:42 UTC 
Hello,

Thanks for reporting this issue.

As a temporary workaround and if you don't mind, could you please try 
to edit (as root) the /etc/logrotate.d/akmods.conf file, and add one 
line containing the su directive as shown above:

/var/log/akmods/akmods.log {
    monthly
    rotate 12
    missingok
    notifempty
    create 644 root root
    su root akmods
}

Any feedback about this proposed modification would be welcome.

Cordially,


-- 
NVieville
Comment 2 copr 2022-04-25 19:24:31 UTC 
Hi,

I can confirm the modification works.

However I am not sure it is the correct solution as no other files on my system use the su directive even when they have different groups, e.g.:

$ stat /var/log/chrony/
  File: /var/log/chrony/
  Size: 0         	Blocks: 0          IO Block: 4096   directory
Device: 0,35	Inode: 158422      Links: 1
Access: (0750/drwxr-x---)  Uid: (  986/  chrony)   Gid: (  982/  chrony)
Context: system_u:object_r:chronyd_var_log_t:s0

$ cat /etc/logrotate.d/chrony
/var/log/chrony/*.log {
    missingok
    nocreate
    sharedscripts
    postrotate
        /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
    endscript
}

I'm not familiar enough with logrotate to know why it is not an issue for them.

Thanks,

nota

P.S. the file name akmods.conf also does not seem to follow the convention of the other packages, which use no suffix
Comment 3 Fedora Update System 2022-05-04 08:14:44 UTC 
FEDORA-2022-cb6b6b6ec2 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-cb6b6b6ec2
Comment 4 Fedora Update System 2022-05-04 08:16:10 UTC 
FEDORA-2022-cb6b6b6ec2 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.