Gene Heskett wrote:
Greetings;
Like most who run fetchmail, I have cobbled up a script for logrotate to
maintain the logs.
Unforch, every time I think I have it running correctly for about a month,
then selinux has to get into the act. From an email I got this morning:
------
/etc/cron.daily/logrotate:
system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/fetchmail.log of '/var/log/fetchmail.log '
--------
So I assume it's failed again.
-------------------
[root@coyote ~]# ls -l --lcontext /var/log/fetchmail.*
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 0 2008-10-26 03:13 /var/log/fetchmail.log
-rw-r--r-- 1 system_u:object_r:var_log_t:s0 gene gene 80343007 2008-09-28 06:13 /var/log/fetchmail.log-20080928
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 202387 2008-10-05 05:09 /var/log/fetchmail.log-20081005.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 197849 2008-10-12 05:09 /var/log/fetchmail.log-20081012.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 196517 2008-10-19 05:09 /var/log/fetchmail.log-20081019.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 3298789 2008-10-26 03:13 /var/log/fetchmail.log-20081026
--------------------
And I haven't fixed anything. And as can be seen from the size, it did fail.
Here is that stanza of logrotate's input 'mail' script:
---------------------------------
# Logrotate file for fetchmail.log and procmail.log
/var/log/fetchmail.log {
missingok
compress
notifempty
weekly
rotate 5
create 0600 gene gene
postrotate
/usr/bin/killall fetchmail
sleep 1
========
# It appears that the non-logged in syntax is incorrect, so it did not restart
# fetchmail, causing the email above.
runcon -t unconfined_t -- runuser -l -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" gene
This command is asking the system to run a process as
system_u:system_r:unconfined_t which is not valid on F9 or Rawhide.
And this is probably not something you want to do.
# So the above line has been commented, and this line substituted, which
# worked to restart fetchmail right now.
su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"
# Which explains the email message from anacron, but this still leaves the
# question as to why the log was NOT rotated. It was not. Next question:
# Does anacron have rights to su to gene?
========
endscript
}
/var/log/procmail.log {
missingok
compress
notifempty
weekly
rotate 5
create 0600 gene gene
}
-----------------------------
It's a bit confusing to me because the syntax I must use when I launch
fetchmail from rc.local, where no one is logged in yet during the bootup, is
different from the syntax I have to use when I'm logged in, usually as root.
And here, since it runs 24/7, there is me logged in.
What is the permanent cure for this problem please?
Thanks.
I am not sure why logrotate could not rotate the log file.
Is the script trying to run fetchmail as the user gene? What AVC are
you seeing?
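Added example, not part of the original message: a small shell model of how `runcon -t` builds its target context, showing why the postrotate command ends up requesting the `system_u:system_r:unconfined_t:s0` context that the cron mail rejects. The function names are hypothetical and the two caller contexts are constructed assumptions (logrotate under cron in `system_u:system_r:logrotate_t:s0`, an interactive login in `unconfined_u:unconfined_r:unconfined_t`).

```shell
#!/bin/sh
# Added example: model of how `runcon -t TYPE` derives its target context.
# runcon -t keeps the caller's SELinux user, role and range and replaces
# only the type field, so the result depends on who is calling it.

# Context quoted in the cron mail on this page.
REJECTED='system_u:system_r:unconfined_t:s0'

# Print the context `runcon -t NEWTYPE` would request when the caller
# runs in CONTEXT (user:role:type[:range]). Hypothetical helper.
runcon_t_target() {
    ctx=$1 newtype=$2
    # The range can contain ':' itself (e.g. s0-s0:c0.c1023), so the last
    # variable is left to collect the remainder of the line.
    IFS=: read -r user role oldtype range <<EOF
$ctx
EOF
    if [ -z "$user" ] || [ -z "$role" ] || [ -z "$oldtype" ]; then
        echo "malformed context: $ctx" >&2
        return 1
    fi
    printf '%s:%s:%s%s\n' "$user" "$role" "$newtype" "${range:+:$range}"
}

# Show the derived context and flag it when it is the rejected one.
explain() {
    target=$(runcon_t_target "$1" unconfined_t) || return 1
    if [ "$target" = "$REJECTED" ]; then
        echo "$target  <- reported as 'not a valid context' in the cron mail"
    else
        echo "$target"
    fi
}

# Constructed caller contexts (assumptions, not taken from the page):
# logrotate started by cron.daily in a system domain.
explain 'system_u:system_r:logrotate_t:s0'
# The same command typed in an interactive login shell.
explain 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'
```

On a live system, passing `"$(id -Z)"` as the first argument to `runcon_t_target` shows what the same `runcon -t` call would request from the current shell.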