Bug 219767 - Logrotate can not rotate files on non-selinux filesystem
Summary: Logrotate can not rotate files on non-selinux filesystem
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: logrotate
Version: 4.4
Hardware: All Linux
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact: Jay Turner
Depends On:
Reported: 2006-12-15 10:00 UTC by Göran Uddeborg
Modified: 2015-01-08 00:15 UTC (History)

Fixed In Version: RHBA-2008-0703
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-24 19:52:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0703 normal SHIPPED_LIVE logrotate bug fix and enhancement update 2008-07-23 16:31:04 UTC

Description Göran Uddeborg 2006-12-15 10:00:15 UTC
Description of problem:
Using logrotate to rotate files on a file system that does not support file
contexts fails.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Mount an NFS filesystem
2. Set up logrotate to rotate a file on this filesystem
3. Run logrotate with this configuration

Actual results:
I get an error message:
   error: error getting file context /users/uddeborg/post/SPAM: Operation not

And the log file is not rotated.

Expected results:
The file ought to be rotated.

Additional info:
Logrotate tests if SELinux is active.  If it is in enforcing mode, it is
considered an error if getfilecon() fails, and the rotation is aborted.  The
mistake in this logic is to assume that if a system is in SELinux enforcing
mode, then all files will have attributes.

Rotation options are not considered.  The bug is triggered even if the log is
rotated in a way that would not create any new file.

Comment 2 Daniel Walsh 2007-01-08 17:11:39 UTC
What avc messages are you seeing?  

Comment 3 Göran Uddeborg 2007-01-10 12:55:34 UTC
I don't get any avc messages.  SELinux is not stopping logrotate from doing its job.

Rather (as indicated in comment 0) logrotate aborts if getfilecon() fails.  It
should not do that, at least not when the reason is ENOTSUP.

Comment 4 Daniel Walsh 2007-01-10 21:18:10 UTC
That seems reasonable to me.

Comment 5 Peter Vrabec 2007-01-14 12:34:00 UTC
I have changed it:
-                       if (selinux_enforce) {
+                       if (selinux_enforce && errno != ENOTSUP) {
                                return 1;
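Review bot: the `errno != ENOTSUP` test in the changed condition depends on errno still holding the value set by the failed context lookup; if any logging or other library call runs between that failure and this `if`, errno can be overwritten and the wrong branch taken. Save errno in a local variable immediately after the failing call and test the copy here. The condition also only gates the `return 1`, so whatever is reported before it will still be emitted in the ENOTSUP case.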

Could you test this package, please.

Comment 6 Göran Uddeborg 2007-01-17 12:24:48 UTC
It seems to rotate as expected.

I still get an error message, which is somewhat confusing.  I would suggest
moving that too within an ENOTSUP test.  At least it should not be a message on
the MESS_ERROR level in the ENOTSUP case.

But the rotation as such works correctly as far as I can tell!
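
The handling discussed in this report (abort on a failed context lookup only when enforcing and the error is not ENOTSUP, and report the ENOTSUP case below error level), as an added example that is not logrotate's code. It assumes Linux and reads the `security.selinux` xattr directly instead of calling getfilecon(); the names `ctx_action`, `ctx_failure_action` and `probe_context` are hypothetical.

```c
/* Added example, not logrotate source; all names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

enum ctx_action { CTX_OK, CTX_SKIP_LABEL, CTX_ABORT };

/* Decide what a failed context lookup means for the rotation. */
enum ctx_action ctx_failure_action(int enforcing, int err)
{
    if (err == ENOTSUP)
        return CTX_SKIP_LABEL;   /* filesystem carries no labels (e.g. NFS) */
    return enforcing ? CTX_ABORT : CTX_SKIP_LABEL;
}

/* Read the SELinux label of path into buf; *err gets the saved errno. */
enum ctx_action probe_context(const char *path, int enforcing,
                              char *buf, size_t len, int *err)
{
    ssize_t n = getxattr(path, "security.selinux", buf, len - 1);
    if (n >= 0) {
        buf[n] = '\0';
        *err = 0;
        return CTX_OK;
    }
    *err = errno;                /* save before logging can overwrite it */
    enum ctx_action a = ctx_failure_action(enforcing, *err);
    /* Only a failure that aborts the rotation is reported as an error. */
    fprintf(stderr, "%s: cannot get file context of %s: %s\n",
            a == CTX_ABORT ? "error" : "notice", path, strerror(*err));
    return a;
}

int main(int argc, char **argv)
{
    char label[256];
    int err;
    /* Constructed default path; pass a real log file as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/var/log/messages";
    enum ctx_action a = probe_context(path, 1, label, sizeof label, &err);
    if (a == CTX_OK)
        printf("context: %s\n", label);
    return a == CTX_ABORT;
}
```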

Comment 7 Peter Vrabec 2007-01-18 13:10:26 UTC
Oooops, I just see this bug is fixed in rhel5, fc6.

Comment 8 RHEL Product and Program Management 2007-11-29 04:22:52 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 14 errata-xmlrpc 2008-07-24 19:52:10 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.