2372726 – Use `systemctl kill` in logrotate postrotate script

Bug 2372726 - Use `systemctl kill` in logrotate postrotate script

Summary: Use `systemctl kill` in logrotate postrotate script

Keywords:
Status:	MODIFIED
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	monitorix
Sub Component:
Version:	42
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Jordi Sanfeliu
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-13 17:24 UTC by Marcos Mello
Modified:	2025-09-02 12:47 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Marcos Mello 2025-06-13 17:24:52 UTC

`systemctl kill` leverages systemd's knowledge of the daemon's main PID, eliminating the need to rely on PID files or external tools like `killall` or `pkill`. This ensures precise signal sending to the intended process, reducing the risk of errors in process identification. Additionally, using `systemctl kill` logs the signal sending in the service's journal, providing a record of actions taken. Requires selinux-policy-41.43 or higher (see https://bugzilla.redhat.com/show_bug.cgi?id=2369644), available as an update for F41, F42, and Rawhide.

https://bodhi.fedoraproject.org/updates/FEDORA-2025-eb98eb9e24 (F41 -- will go to stable in a few days)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-f9f097f491 (F42 -- stable)
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3db4c0ec1c (Rawhide)

The logrotate configuration snippet:

# cat /etc/logrotate.d/monitorix
/var/log/monitorix /var/log/monitorix-httpd {
        nocompress
        missingok
        postrotate
                /bin/kill -HUP `cat /var/run/monitorix.pid 2>/dev/null` 2> /dev/null || true
        endscript
}

In the postrotate script, kill can be replaced by:

/usr/bin/systemctl kill --signal=HUP --kill-whom=main monitorix.service 2>/dev/null || true

Because:

# systemctl show -P MainPID monitorix.service
2109
# cat /var/run/monitorix.pid
2109

Reproducible: Always




Additional Information:
monitorix-3.16.0-2.fc42.noarch

Comment 1 Jordi Sanfeliu 2025-06-19 10:27:04 UTC

If I apply your suggested change then log logrotation won't work on RHEL8 and derivatives:

# /usr/bin/systemctl kill --signal=HUP --kill-whom=main monitorix.service
/usr/bin/systemctl: unrecognized option '--kill-whom=main'

Comment 2 Marcos Mello 2025-06-19 16:09:46 UTC

Before systemd 252, the option was --kill-who (still supported for compatibility in later versions). I didn't consider EPEL builds because it's unclear whether the required SELinux policy update for `systemctl kill` to function in this context will be backported to RHEL (RHEL 9 already includes systemd 252, by the way). Thus, this modification applies only to Fedora.

Comment 3 Jordi Sanfeliu 2025-09-01 14:40:03 UTC

Forgot to reply here that I've pushed a commit that should fix this:

<https://github.com/mikaku/Monitorix/commit/15f9c86b3866e2c940534303cc2393dd887e1188>

Comment 4 Marcos Mello 2025-09-02 12:47:10 UTC

The RHEL SELinux policy *needs* to have this commit (present in Fedora 41+)

https://github.com/fedora-selinux/selinux-policy/commit/3daaed0cc20a19afd48e82231d1d0ae45129d66d

otherwise it won't work. Therefore, it's better to use `0%{?fedora} >= 41` for now.

Note You need to log in before you can comment on or make changes to this bug.