Bug 498165 - boinc-client tries to touch /var/run/boinc_was_running and fails
boinc-client tries to touch /var/run/boinc_was_running and fails
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: boinc-client (Show other bugs)
10
All Linux
medium Severity medium
: ---
: ---
Assigned To: Milos Jakubicek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-29 05:03 EDT by Patrick C. F. Ernzer
Modified: 2009-08-21 20:56 EDT (History)
6 users (show)

See Also:
Fixed In Version: 6.6.37-2.r18632svn.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-01 19:59:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output from setroubleshoot (3.35 KB, text/plain)
2009-05-10 08:07 EDT, William Makowski
no flags Details

  None (edit)
Description Patrick C. F. Ernzer 2009-04-29 05:03:01 EDT
Description of problem:
I started getting this message from logrotate:
touch: cannot touch `/var/run/boinc_was_running': Permission denied
Which is not surprising as /var/run is
drwxr-xr-x 35 root      root
and boinc-client runs (as it should) as user 'boinc'

Version-Release number of selected component (if applicable):
logrotate-3.7.7-1.fc10.x86_64
boinc-client-6.4.7-10.r17542svn.fc10.x86_64

How reproducible:
happens each logrotate run

Steps to Reproduce:
1. have boinc-client installed
2. /etc/sysconfig/boinc-client left as shipped in the rpm
3. wait for next rotation of logs
  
Actual results:
touch: cannot touch `/var/run/boinc_was_running': Permission denied

Expected results:
log rotation working

Additional info:
it's probably easiest if we move the boinc_was_running file to boinc's working directory or a subdirectory of it (/var/lib/boinc/var/run/boinc_was_running maybe?) and adjust /etc/sysconfig/boinc-client
Comment 1 Milos Jakubicek 2009-04-29 05:20:54 EDT
Blah...thanks for report, will fix this asap.
Comment 2 Milos Jakubicek 2009-04-29 17:32:26 EDT
Well...I have now read your description carefully and became somewhat confused:

First of all, boinc-client is running under the boinc account, but this doesn't matter, the logs are rotated by the logrotate daemon which operates under the root account (it is started by cron).

Moreover, this has nothing to do with the sysconfig file, but with the logrotate configuration (/etc/logrotate.d/boinc-client).

I also cannot reproduce this in any way -- where do you get those error messages? When you force logrotate directly (logrotate -f)? Could you please post the full output of `logrotate -f /etc/logrotate.conf` (Note that this will rotate *all* your logs).
Comment 3 Patrick C. F. Ernzer 2009-05-05 08:21:11 EDT
(In reply to comment #2)
> Moreover, this has nothing to do with the sysconfig file, but with the
> logrotate configuration (/etc/logrotate.d/boinc-client).

true. Albeit that file is also not modified (just verified with rpm -V)

> I also cannot reproduce this in any way 

my bad, should have looked closer before posting, while it seemed in my recollection to happen on each run, it only happens on some of the logrotate runs, I am not yet sure what is different in the failing runs.

FWIW: I get this on three machines (F10 i386, F10 x86_64 and rawhide x86_64)

>-- where do you get those error messages?

in cron's and anacron's emails

> When you force logrotate directly (logrotate -f)? Could you please
> post the full output of `logrotate -f /etc/logrotate.conf` (Note that this will
> rotate *all* your logs).  

No output at all. Tried rotating logs in the following scenarios
  - boinc running
  - boinc stopped cleanly
  - all boinc processes kill -9'ed
still, all forced log rotations went through without complaints.
Comment 4 William Makowski 2009-05-10 08:07:01 EDT
Created attachment 343260 [details]
Output from setroubleshoot

I have just experienced the same issue on Rawhide, but did not have it on Fedora 10.  The problem seems to be coming from SELinux.  The summary from setroubleshoot is "SELinux is preventing touch (logrotate_t) "write" to run (var_run_t)."

I've included the complete text as an attachment.  I don't have much experience with SELinux and have not tried using the restorecon command to fix the file context.  We may need to file a bug report against the selinux-policy package.
Comment 5 William Makowski 2009-05-24 05:52:45 EDT
As Patrick mentioned changing the location of the boinc_was_running file is probably the easiest solution.  Rather than go through SELinux policy I changed all references of /var/run/boinc_was_running to /tmp/boinc_was_running in /etc/logrotate.d/boinc-client.  I've tested this solution and it resolves the error.  Logs were rotating, but boinc-client would stop during prerotate and never restart since the boinc_was_running file did not get created.

The /var/run directory is meant more for pid files and information on running processes anyway.  I felt that /tmp is the right spot for this since this file is very temporary in nature and simply acts as a trigger to stop and start boinc-client during log rotation.  In my opinion /var/lib/boinc is meant to hold application data for boinc-client.  While logrotate does stop and start boinc-client, the process really is separate from anything being done in the boinc working directory.
Comment 6 Milos Jakubicek 2009-05-24 07:16:27 EDT
Patrick, William: sorry for the delay and thank you for your information. The proposed solution (moving to /tmp) sounds like a good plan to me (definitely it is much better than changing/providing SELinux policy, there have been already some troubles with SELinux & boinc).

I'll modify the package accordingly, probably together with updating to the 6.6 branch.
Comment 7 Patrick C. F. Ernzer 2009-05-24 13:27:08 EDT
I agree that changing SELinux policy for this is overkill.
I would suggest putting the file into boinc's work directory though (/var/lib/boinc/), final decision is up to you.
Please tell when a package is available in updates-testing, I'll install it and let it run for a week or two
Comment 8 Milos Jakubicek 2009-05-24 14:50:05 EDT
Unfortunately, this would bring us to the same problem, just instead of "var_run_t" it would be "var_lib_t" -- this was the former SELinux issue, the log files were previously in /var/lib/boinc.
Comment 9 Patrick C. F. Ernzer 2009-05-25 09:32:06 EDT
true, /facepalm
to /tmp it goes then
Comment 10 William Makowski 2009-07-21 09:29:41 EDT
Milos, will the F10 and F11 packages be updated with a fix?
Comment 11 Milos Jakubicek 2009-07-21 15:17:36 EDT
Definitely yes...hopefully even today I'll get to it.
Comment 12 Fedora Update System 2009-07-21 20:00:50 EDT
boinc-client-6.6.37-2.r18632svn.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/boinc-client-6.6.37-2.r18632svn.fc11
Comment 13 Patrick C. F. Ernzer 2009-07-23 09:02:57 EDT
installed 6.6.37-2.r18632svn.fc11 on 3 affected F11 boxes, will report back in about a week if logrotate went fine.
Comment 14 Fedora Update System 2009-07-23 15:02:44 EDT
boinc-client-6.6.37-2.r18632svn.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update boinc-client'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7940
Comment 15 Fedora Update System 2009-07-24 07:35:09 EDT
boinc-client-6.6.37-2.r18632svn.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/boinc-client-6.6.37-2.r18632svn.fc10
Comment 16 Fedora Update System 2009-07-24 15:36:05 EDT
boinc-client-6.6.37-2.r18632svn.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update boinc-client'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-7973
Comment 17 Fedora Update System 2009-08-01 19:59:23 EDT
boinc-client-6.6.37-2.r18632svn.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2009-08-21 20:56:36 EDT
boinc-client-6.6.37-2.r18632svn.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.