Greetings;

Like most who run fetchmail, I have cobbled up a script for logrotate to maintain the logs. Unforch, every time I think I have it running correctly for about a month, then selinux has to get into the act.

From an email I got this morning:
------
/etc/cron.daily/logrotate:

system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/fetchmail.log of '/var/log/fetchmail.log '
--------
So I assume it's failed again.
-------------------
[root@coyote ~]# ls -l --lcontext /var/log/fetchmail.*
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 0 2008-10-26 03:13 /var/log/fetchmail.log
-rw-r--r-- 1 system_u:object_r:var_log_t:s0 gene gene 80343007 2008-09-28 06:13 /var/log/fetchmail.log-20080928
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 202387 2008-10-05 05:09 /var/log/fetchmail.log-20081005.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 197849 2008-10-12 05:09 /var/log/fetchmail.log-20081012.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 196517 2008-10-19 05:09 /var/log/fetchmail.log-20081019.gz
-rw------- 1 system_u:object_r:var_log_t:s0 gene gene 3298789 2008-10-26 03:13 /var/log/fetchmail.log-20081026
--------------------
And I haven't fixed anything. And as can be seen from the size, it did fail.

Here is that stanza of logrotate's input 'mail' script:
---------------------------------
# Logrotate file for fetchmail.log and procmail.log
/var/log/fetchmail.log {
    missingok
    compress
    notifempty
    weekly
    rotate 5
    create 0600 gene gene
    postrotate
        /usr/bin/killall fetchmail
        sleep 1
========
# It appears that the non-logged in syntax is incorrect, so it did not restart
# fetchmail, causing the email above.
        runcon -t unconfined_t -- runuser -l -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" gene
# So the above line has been commented, and this line substituted, which
# worked to restart fetchmail right now.
        su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"
# Which explains the email message from anacron, but this still leaves the
# question as to why the log was NOT rotated. It was not. Next question:
# Does anacron have rights to su to gene?
========
    endscript
}
/var/log/procmail.log {
    missingok
    compress
    notifempty
    weekly
    rotate 5
    create 0600 gene gene
}
-----------------------------
It's a bit confusing to me because the syntax I must use when I launch fetchmail from rc.local, where no one is logged in yet during the bootup, is different from the syntax I have to use when I'm logged in, usually as root. And here, since it runs 24/7, there is me logged in.

What is the permanent cure for this problem please?

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Where does it go when you flush?

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
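
An added illustration, not part of Gene's message: `runcon -t TYPE` replaces only the type field of the caller's context and keeps its user, role and level, so the same line requests different contexts from a cron job and from a login shell. The function names and the two caller contexts below are assumptions constructed for the example; the mail text is abridged from the message above.

```shell
#!/bin/sh
# Split "user:role:type[:level]" into fields. The level may itself contain
# colons (e.g. s0-s0:c0.c1023), so only the first three colons separate fields.
ctx_field() {   # usage: ctx_field CONTEXT user|role|type|level
    _rest=$1
    _user=${_rest%%:*}; _rest=${_rest#*:}
    _role=${_rest%%:*}; _rest=${_rest#*:}
    case $_rest in
        *:*) _type=${_rest%%:*}; _level=${_rest#*:} ;;
        *)   _type=$_rest; _level= ;;
    esac
    case $2 in
        user)  printf '%s\n' "$_user" ;;
        role)  printf '%s\n' "$_role" ;;
        type)  printf '%s\n' "$_type" ;;
        level) printf '%s\n' "$_level" ;;
        *)     return 2 ;;
    esac
}

# Context that `runcon -t NEW_TYPE` would request when run from CURRENT_CONTEXT.
runcon_t_result() {   # usage: runcon_t_result CURRENT_CONTEXT NEW_TYPE
    _u=$(ctx_field "$1" user)
    _r=$(ctx_field "$1" role)
    _l=$(ctx_field "$1" level)
    printf '%s:%s:%s%s\n' "$_u" "$_r" "$2" "${_l:+:$_l}"
}

# Pull the rejected context out of cron mail text read from stdin.
invalid_context_from_mail() {
    sed -n 's/^[[:space:]]*\([^[:space:]]*\) is not a valid context.*$/\1/p'
}

# Constructed caller contexts (assumptions, not taken from Gene's machine).
CRON_CTX='system_u:system_r:logrotate_t:s0'
LOGIN_CTX='unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'

# Abridged from the cron mail quoted in the message.
SAMPLE_MAIL="/etc/cron.daily/logrotate:
system_u:system_r:unconfined_t:s0 is not a valid context
error: error running non-shared postrotate script for /var/log/fetchmail.log"

for c in "$CRON_CTX" "$LOGIN_CTX"; do
    printf '%s\n  -> %s\n' "$c" "$(runcon_t_result "$c" unconfined_t)"
done
printf 'rejected in mail: %s\n' "$(printf '%s\n' "$SAMPLE_MAIL" | invalid_context_from_mail)"
```

With the constructed cron context, the derived result is the same string the cron mail reports as invalid, while the login-shell context already carries a user and role of its own.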