Bug 219767 - Logrotate can not rotate files on non-selinux filesystem
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: logrotate
4.4
All Linux
medium Severity medium
Assigned To: Tomas Smetana
Jay Turner
Reported: 2006-12-15 05:00 EST by Göran Uddeborg
Modified: 2015-01-07 19:15 EST
Fixed In Version: RHBA-2008-0703
Doc Type: Bug Fix
Last Closed: 2008-07-24 15:52:10 EDT

Description Göran Uddeborg 2006-12-15 05:00:15 EST
Description of problem:
Using logrotate to rotate files on a file system that does not support file
contexts fails.

Version-Release number of selected component (if applicable):
logrotate-3.7.1-5.RHEL4

How reproducible:
Every time

Steps to Reproduce:
1. Mount an NFS filesystem
2. Set up logrotate to rotate a file on this filesystem
3. Run logrotate with this configuration

Actual results:
I get an error message:
   error: error getting file context /users/uddeborg/post/SPAM: Operation not supported

And the log file is not rotated.

Expected results:
The file ought to be rotated.

Additional info:
Logrotate tests if SELinux is active.  If it is in enforcing mode, it is
considered an error if getfilecon() fails, and the rotation is aborted.  The
mistake in this logic is to assume that if a system is in SELinux enforcing
mode, then all files will have attributes.

Rotation options are not considered.  The bug is triggered even if the log is
rotated in a way that would not create any new file.
Comment 2 Daniel Walsh 2007-01-08 12:11:39 EST
What avc messages are you seeing?
Comment 3 Göran Uddeborg 2007-01-10 07:55:34 EST
I don't get any avc messages.  SELinux is not stopping logrotate from doing its job.

Rather (as indicated in comment 0) logrotate aborts if getfilecon() fails.  It
should not do that, at least not when the reason is ENOTSUP.
Comment 4 Daniel Walsh 2007-01-10 16:18:10 EST
That seems reasonable to me.
Comment 5 Peter Vrabec 2007-01-14 07:34:00 EST
I have changed it:
-                       if (selinux_enforce) {
+                       if (selinux_enforce && errno != ENOTSUP) {
                                return 1;
                        }
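Review bot: The `errno != ENOTSUP` test in the changed `if` reads errno at the point of the check, so it is only reliable if nothing that can set errno runs between the failing context lookup and this line. The report quotes an error message printed for this failure; if that logging call sits before the `if`, it may overwrite errno. Consider copying errno into a local immediately after the failing call and testing the local here. A one-line comment stating that ENOTSUP means the filesystem carries no file contexts (NFS in the report) would also make the exemption easier to audit later.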

Could you test this package, please?
http://people.redhat.com/pvrabec/rpms/logrotate-3.7.1-7.src.rpm
Comment 6 Göran Uddeborg 2007-01-17 07:24:48 EST
It seems to rotate as expected.

I still get an error message, which is somewhat confusing.  I would suggest
moving that too within an ENOTSUP test.  At least it should not be a message on
the MESS_ERROR level in the ENOTSUP case.

But the rotation as such works correctly as far as I can tell!
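
The handling discussed in comments 3 to 6, as an added example that is not logrotate's code and not part of any comment: a failed context lookup aborts only in enforcing mode and only when the error is not ENOTSUP, errno is saved before logging, and the ENOTSUP case is logged below error level. The function and enum names are hypothetical, and the example reads the `security.selinux` extended attribute with getxattr(2) on Linux instead of calling getfilecon(), so it builds without libselinux.

```c
/* Added illustration, not logrotate source. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

enum ctx_action { CTX_OK, CTX_SKIP_LABEL, CTX_ABORT };

/* Decide what a failed context lookup means. saved_errno must be captured
 * right after the failing call, before any logging can overwrite errno. */
enum ctx_action classify_ctx_failure(int enforcing, int saved_errno)
{
    if (saved_errno == ENOTSUP)
        return CTX_SKIP_LABEL;  /* filesystem has no file contexts (NFS case) */
    return enforcing ? CTX_ABORT : CTX_SKIP_LABEL;
}

/* Read the SELinux label of path into buf (len must be >= 1).
 * Assumption: Linux, label stored in the security.selinux xattr. */
enum ctx_action read_file_context(const char *path, int enforcing,
                                  char *buf, size_t len)
{
    ssize_t n = getxattr(path, "security.selinux", buf, len - 1);
    if (n >= 0) {
        buf[n] = '\0';
        return CTX_OK;
    }
    int saved = errno;          /* capture before fprintf/strerror run */
    enum ctx_action act = classify_ctx_failure(enforcing, saved);
    buf[0] = '\0';
    /* Only a failure that stops rotation is reported at error level. */
    fprintf(stderr, "%s: getting file context of %s: %s\n",
            act == CTX_ABORT ? "error" : "debug", path, strerror(saved));
    return act;
}

int main(int argc, char **argv)
{
    char ctx[256];
    const char *path = argc > 1 ? argv[1] : "/etc/hostname";
    /* enforcing is passed as 1 here; a real caller would query SELinux. */
    enum ctx_action act = read_file_context(path, 1, ctx, sizeof ctx);
    printf("%s -> action %d, context \"%s\"\n", path, (int)act, ctx);
    return act == CTX_ABORT;
}
```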
Comment 7 Peter Vrabec 2007-01-18 08:10:26 EST
Oooops, I just see this bug is fixed in rhel5, fc6.
Comment 8 RHEL Product and Program Management 2007-11-28 23:22:52 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 14 errata-xmlrpc 2008-07-24 15:52:10 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0703.html
