Ever since a recent power failure I have been getting a Logrotate error. My machine is on a UPS -- it shut down cleanly, but I suspect that its BIOS/RTC battery is dead, since the machine came up thinking it was 1982 :-(. I reset the clock and everything is fine, *except* I had to delete Logrotate's state files (which had bad dates). But now Logrotate is raising the error:
error: error creating unique temp file: Permission denied
and audit.log contains these messages:
type=AVC msg=audit(1541925899.209:28416): avc: denied { create } for pid=5281 comm="logrotate" name="logrotate_temp.bPbOYF" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1541925899.209:28416): arch=c000003e syscall=2 success=no exit=-13 a0=7ffdd2d613d0 a1=c2 a2=180 a3=0 items=0 ppid=5279 pid=5281 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1865 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
It is (obviously) an SELinux problem, but I don't know what file or directory needs to be fixed. How do I find that out?
I turned on verbose in /etc/cron.daily/logrotate:
#!/bin/sh
/usr/sbin/logrotate -v /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
and am getting this (typical) message from logrotate daily:
reading config file /etc/logrotate.conf including /etc/logrotate.d reading config file apcupsd reading config info for /var/log/apcupsd.events reading config file ConsoleKit reading config info for /var/log/ConsoleKit/history reading config file cups reading config info for /var/log/cups/*_log reading config file cyrus-imapd reading config info for /var/log/imapd.log /var/log/auth.log reading config file dracut reading config info for /var/log/dracut.log reading config file httpd reading config info for /var/log/httpd/*log reading config file iscsiuiolog reading config info for /var/log/iscsiuio.log reading config file libvirtd reading config info for /var/log/libvirt/libvirtd.log reading config file libvirtd.lxc reading config info for /var/log/libvirt/lxc/*.log reading config file libvirtd.qemu reading config info for /var/log/libvirt/qemu/*.log reading config file mcelog reading config info for /var/log/mcelog reading config file mysqld reading config file named reading config info for /var/named/data/named.run reading config file numad reading config info for /var/log/numad.log reading config file ppp reading config info for /var/log/ppp/connect-errors reading config file psacct reading config info for /var/account/pacct reading config file sa-update reading config info for /var/log/sa-update.log reading config file sssd reading config info for /var/log/sssd/*.log reading config file syslog reading config info for /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler
reading config file wpa_supplicant reading config info for /var/log/wpa_supplicant.log reading config file yum reading config info for /var/log/yum.log reading config info for /var/log/wtmp reading config info for /var/log/btmp
Handling 22 logs
rotating pattern: /var/log/apcupsd.events weekly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/apcupsd.events log does not need rotating
rotating pattern: /var/log/ConsoleKit/history monthly (6 rotations) empty log files are not rotated, old logs are removed considering log /var/log/ConsoleKit/history log does not need rotating
rotating pattern: /var/log/cups/*_log weekly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/cups/access_log log needs rotating considering log /var/log/cups/error_log log needs rotating considering log /var/log/cups/page_log log needs rotating rotating log /var/log/cups/access_log, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/cups/error_log, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/cups/page_log, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:cupsd_log_t:s0 renaming /var/log/cups/access_log to /var/log/cups/access_log-20181111 creating new /var/log/cups/access_log mode = 0600 uid = 0 gid = 7 fscreate context set to system_u:object_r:cupsd_log_t:s0 renaming /var/log/cups/error_log to /var/log/cups/error_log-20181111 creating new /var/log/cups/error_log mode = 0600 uid = 0 gid = 7 fscreate context set to unconfined_u:object_r:cupsd_log_t:s0 renaming /var/log/cups/page_log to /var/log/cups/page_log-20181111 creating new /var/log/cups/page_log mode = 0600 uid = 0 gid = 7 removing old log /var/log/cups/access_log-19821102 removing old log /var/log/cups/error_log-19821102 removing old log /var/log/cups/page_log-19821102
rotating pattern: /var/log/imapd.log /var/log/auth.log weekly (4 rotations) empty log files are rotated, old logs are removed considering log /var/log/imapd.log log /var/log/imapd.log does not exist -- skipping considering log /var/log/auth.log log /var/log/auth.log does not exist -- skipping not running postrotate script, since no logs were rotated
rotating pattern: /var/log/dracut.log 1048576 bytes (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/dracut.log log does not need rotating
rotating pattern: /var/log/httpd/*log weekly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/httpd/access_log log needs rotating considering log /var/log/httpd/error_log log needs rotating considering log /var/log/httpd/ssl_access_log log does not need rotating considering log /var/log/httpd/ssl_error_log log does not need rotating considering log /var/log/httpd/ssl_request_log log does not need rotating considering log /var/log/httpd/suexec.log log does not need rotating rotating log /var/log/httpd/access_log, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/httpd/error_log, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/httpd/access_log to /var/log/httpd/access_log-20181111 creating new /var/log/httpd/access_log mode = 0644 uid = 0 gid = 0 fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/httpd/error_log to /var/log/httpd/error_log-20181111 creating new /var/log/httpd/error_log mode = 0644 uid = 0 gid = 0 running postrotate script removing old log /var/log/httpd/access_log-20181007 removing old log /var/log/httpd/error_log-20181021
rotating pattern: /var/log/iscsiuio.log weekly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/iscsiuio.log log /var/log/iscsiuio.log does not exist -- skipping not running postrotate script, since no logs were rotated
rotating pattern: /var/log/libvirt/libvirtd.log weekly (4 rotations) empty log files are rotated, only log files >= 102400 bytes are rotated, old logs are removed considering log /var/log/libvirt/libvirtd.log log does not need rotating
rotating pattern: /var/log/libvirt/lxc/*.log weekly (4 rotations) empty log files are rotated, only log files >= 102400 bytes are rotated, old logs are removed considering log /var/log/libvirt/lxc/*.log log /var/log/libvirt/lxc/*.log does not exist -- skipping
rotating pattern: /var/log/libvirt/qemu/*.log weekly (4 rotations) empty log files are rotated, only log files >= 102400 bytes are rotated, old logs are removed considering log /var/log/libvirt/qemu/c532guest.log log does not need rotating considering log /var/log/libvirt/qemu/c632guest.log log does not need rotating considering log /var/log/libvirt/qemu/c664guest.log log does not need rotating considering log /var/log/libvirt/qemu/c764guest.log log does not need rotating considering log /var/log/libvirt/qemu/C764guest.log log does not need rotating considering log /var/log/libvirt/qemu/msbuilder.log log does not need rotating considering log /var/log/libvirt/qemu/testsvn.log log does not need rotating considering log /var/log/libvirt/qemu/ub120432.log log does not need rotating considering log /var/log/libvirt/qemu/ub120464.log log does not need rotating
rotating pattern: /var/log/mcelog 2097152 bytes (99 rotations) empty log files are not rotated, old logs are removed considering log /var/log/mcelog log /var/log/mcelog does not exist -- skipping not running postrotate script, since no logs were rotated
rotating pattern: /var/named/data/named.run weekly (4 rotations) empty log files are rotated, old logs are removed considering log /var/named/data/named.run log needs rotating rotating log /var/named/data/named.run, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to unconfined_u:object_r:named_cache_t:s0 renaming /var/named/data/named.run to /var/named/data/named.run-20181111 creating new /var/named/data/named.run mode = 0644 uid = 25 gid = 25 running postrotate script removing old log /var/named/data/named.run-20181021
rotating pattern: /var/log/numad.log 1048576 bytes (5 rotations) empty log files are rotated, old logs are removed considering log /var/log/numad.log log /var/log/numad.log does not exist -- skipping
rotating pattern: /var/log/ppp/connect-errors after 1 days (5 rotations) empty log files are not rotated, old logs are removed considering log /var/log/ppp/connect-errors log /var/log/ppp/connect-errors does not exist -- skipping
rotating pattern: /var/account/pacct after 1 days (31 rotations) empty log files are not rotated, old logs are removed considering log /var/account/pacct log does not need rotating not running postrotate script, since no logs were rotated
rotating pattern: /var/log/sa-update.log monthly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/sa-update.log log does not need rotating
rotating pattern: /var/log/sssd/*.log weekly (2 rotations) empty log files are not rotated, old logs are removed considering log /var/log/sssd/*.log log /var/log/sssd/*.log does not exist -- skipping not running postrotate script, since no logs were rotated
rotating pattern: /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler weekly (4 rotations) empty log files are rotated, old logs are removed considering log /var/log/cron log needs rotating considering log /var/log/maillog log needs rotating considering log /var/log/messages log needs rotating considering log /var/log/secure log needs rotating considering log /var/log/spooler log needs rotating rotating log /var/log/cron, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/maillog, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/messages, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/secure, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/spooler, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/cron to /var/log/cron-20181111 creating new /var/log/cron mode = 0600 uid = 0 gid = 0 fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/maillog to /var/log/maillog-20181111 creating new /var/log/maillog mode = 0600 uid = 0 gid = 0 fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/messages to /var/log/messages-20181111 creating new /var/log/messages mode = 0600 uid = 0 gid = 0 fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/secure to /var/log/secure-20181111 creating new /var/log/secure mode = 0600 uid = 0 gid = 0 fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/spooler to /var/log/spooler-20181111 creating new /var/log/spooler mode = 0600 uid = 0 gid = 0 running postrotate script removing old log /var/log/cron-20181021 removing old log /var/log/maillog-20181021 removing old log /var/log/messages-20181021 removing old log /var/log/secure-20181021 removing old log /var/log/spooler-20181021
rotating pattern: /var/log/wpa_supplicant.log 30720 bytes (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/wpa_supplicant.log log does not need rotating not running postrotate script, since no logs were rotated
rotating pattern: /var/log/yum.log yearly (4 rotations) empty log files are not rotated, old logs are removed considering log /var/log/yum.log log does not need rotating
rotating pattern: /var/log/wtmp monthly (1 rotations) empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed considering log /var/log/wtmp log does not need rotating
rotating pattern: /var/log/btmp monthly (1 rotations) empty log files are rotated, old logs are removed considering log /var/log/btmp log does not need rotating
set default create context
error: error creating unique temp file: Permission denied
/var/lib/logrotate.status contains:
logrotate state -- version 2
"/var/log/btmp" 2018-11-6
"/var/log/ConsoleKit/history" 2018-11-6
"/var/log/libvirt/qemu/c664guest.log" 2018-11-6
"/var/log/httpd/access_log" 2018-11-4
"/var/log/spooler" 2018-11-6
"/var/log/sssd/*.log" 2018-11-4
"/var/log/mcelog" 2018-11-4
"/var/log/libvirt/qemu/testsvn.log" 2018-11-6
"/var/log/iscsiuio.log" 2018-11-4
"/var/log/libvirt/qemu/c532guest.log" 2018-11-6
"/var/log/wtmp" 2018-11-6
"/var/log/auth.log" 2018-11-4
"/var/log/yum.log" 2018-11-4
"/var/log/ppp/connect-errors" 2018-11-4
"/var/log/httpd/ssl_error_log" 2018-11-4
"/var/log/secure" 2018-11-6
"/var/log/messages" 2018-11-6
"/var/log/libvirt/qemu/c764guest.log" 2018-11-6
"/var/log/httpd/ssl_request_log" 2018-11-4
"/var/log/httpd/suexec.log" 2018-11-4
"/var/log/libvirt/qemu/ub120432.log" 2018-11-6
"/var/log/cron" 2018-11-6
"/var/account/pacct" 2018-11-4
"/var/log/httpd/error_log" 2018-11-6
"/var/log/libvirt/libvirtd.log" 2018-11-6
"/var/log/dracut.log" 2018-11-4
"/var/log/imapd.log" 2018-11-4
"/var/log/sa-update.log" 2018-11-4
"/var/log/libvirt/qemu/c632guest.log" 2018-11-6
"/var/log/cups/page_log" 2018-11-4
"/var/log/libvirt/qemu/msbuilder.log" 2018-11-6
"/var/log/cups/error_log" 2018-11-4
"/var/named/data/named.run" 2018-11-6
"/var/log/maillog" 2018-11-6
"/var/log/numad.log" 2018-11-4
"/var/log/wpa_supplicant.log" 2018-11-4
"/var/log/libvirt/lxc/*.log" 2018-11-4
"/var/log/httpd/ssl_access_log" 2018-11-4
"/var/log/cups/access_log" 2018-11-4
"/var/log/libvirt/qemu/ub120464.log" 2018-11-6
"/var/log/libvirt/qemu/C764guest.log" 2018-11-6
"/var/log/apcupsd.events" 2018-11-4
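Added example, not part of the original post: a small Python parser that pairs the AVC and SYSCALL records quoted above by their shared `audit(timestamp:serial)` ID and extracts the fields that say who was denied what (source domain, target type, object class, permission, object name). The function names `parse_events` and `summarize_denials` are hypothetical; the sample input is the two audit records from the post.

```python
import errno
import re
from datetime import datetime, timezone

# The two audit records quoted in the post, one record per line.
SAMPLE = """\
type=AVC msg=audit(1541925899.209:28416): avc: denied { create } for pid=5281 comm="logrotate" name="logrotate_temp.bPbOYF" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1541925899.209:28416): arch=c000003e syscall=2 success=no exit=-13 a0=7ffdd2d613d0 a1=c2 a2=180 a3=0 items=0 ppid=5279 pid=5281 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1865 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def parse_events(text):
    """Group records by (epoch, serial); records sharing both are one event."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault((int(epoch), int(serial)), {})[rtype] = fields
    return events

def summarize_denials(text):
    """One dict per AVC denial, enriched from the matching SYSCALL record."""
    out = []
    for (epoch, serial), recs in sorted(parse_events(text).items()):
        avc = recs.get("AVC")
        if avc is None:
            continue
        sc = recs.get("SYSCALL", {})
        code = -int(sc["exit"]) if "exit" in sc else None
        when = datetime.fromtimestamp(epoch, tz=timezone.utc)
        out.append({
            "when_utc": when.strftime("%Y-%m-%d %H:%M:%S"), "serial": serial,
            "perms": avc["perms"], "tclass": avc.get("tclass"),
            "name": avc.get("name"),
            # Third field of user:role:type:level is the type that policy rules use.
            "source_type": avc.get("scontext", "::").split(":")[2],
            "target_type": avc.get("tcontext", "::").split(":")[2],
            "exe": sc.get("exe"),
            "errno": errno.errorcode.get(code),  # None if no SYSCALL record
        })
    return out
```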