Logrotate: permission denied on boot.log

spencer-gilbert · June 23, 2022, 9:56pm

logrotate fails to rotate /var/log/boot.log - searching points to SELinux and suggests adjustments that also include restorecon which appears to be a bad idea on Silverblue

systemctl status logrotate.service:

× logrotate.service - Rotate log files
     Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static)
     Active: failed (Result: exit-code) since Thu 2022-06-23 11:26:03 EDT; 6h ago
TriggeredBy: ● logrotate.timer
       Docs: man:logrotate(8)
             man:logrotate.conf(5)
    Process: 4923 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=1/FAILURE)
   Main PID: 4923 (code=exited, status=1/FAILURE)
        CPU: 23ms

Jun 23 11:26:03 ghost.local systemd[1]: Starting logrotate.service - Rotate log files...
Jun 23 11:26:03 ghost.local logrotate[4923]: error: stat of /var/log/boot.log failed: Permission denied
Jun 23 11:26:03 ghost.local systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Jun 23 11:26:03 ghost.local systemd[1]: logrotate.service: Failed with result 'exit-code'.
Jun 23 11:26:03 ghost.local systemd[1]: Failed to start logrotate.service - Rotate log files.

Any suggestions?

siosm · June 24, 2022, 8:02am

This warning is more strongly worded than it should be. It’s not a good idea to run restorecon on the entire system in Silverblue but it’s fine to use it to restore a context for a specific file.

spencer-gilbert · June 24, 2022, 7:34pm

Awesome - resolved then. Definitely read that as a never use it. Appreciate the answer!

richiedaze · February 20, 2025, 11:15pm

Sadly, this problem still exist today. Every boot returns boot.log back to var_log_t.

siosm · March 4, 2025, 4:41pm

Can you open an issue in the Silverblue issue tracker? Thanks

crepererum · March 5, 2025, 11:03am

I’ve filed an issue:

github.com/fedora-silverblue/issue-tracker

`logrotate.service` fails

opened 10:55AM - 05 Mar 25 UTC

crepererum

bug

**Describe the bug** Service fails with: ```text stat of /var/log/boot.log fail…ed: Permission denied ``` **To Reproduce** Happens on a vanilla Silverblue installation after a while. **Expected behavior** All builtin services should NOT fail under normal circumstances. **Screenshots** If applicable, add screenshots to help explain your problem. **OS version:** ``` State: idle BootedDeployment: ● fedora:fedora/41/x86_64/silverblue Version: 41.20250304.0 (2025-03-04T02:12:41Z) BaseCommit: e1eeeec7e6f55beb780f7fdcaa0a8e179913b665c0882bef09603f21b814f3a7 GPGSignature: Valid signature by 466CF2D8B60BC3057AA9453ED0622462E99D6AD1 LayeredPackages: coolercontrol gnome-tweaks lact tailscale tcpdump ``` **Additional context** Other potentially relevant discussions that I have found: - https://github.com/fedora-silverblue/issue-tracker/issues/332 - https://discussion.fedoraproject.org/t/logrotate-permission-denied-on-boot-log/40126

richiedaze · March 15, 2025, 4:35am

issue-tracker

So far I have tracked this bug back to it’s original creation. It seems that var_log_t is the context given to /var/log/boot.log on a fresh installs of Silverblue and Kinoite, but not on Workstation. Further investigating is necessary in the installer.

Relabeling does fix this issue for the time being.

Topic		Replies	Views
Failed To Start Rotate Log Files on Boot Fedora 35 Ask Fedora f35 , gnome , kernel	6	2966	April 6, 2022
Logrotate Failed on Boot Ask Fedora	27	1011	April 5, 2023
Selinux still a problem for F31 rebase Project Discussion workstation-wg	6	936	December 23, 2019
Log rotation not happening in our Fedora 31 server, MySQL entries in logrotate.status Ask Fedora f31	13	3404	January 15, 2020
Selinux problem booting to Silverblue F31; next step after rollback? Project Discussion silverblue-team	1	396	October 15, 2019

Logrotate: permission denied on boot.log

Related topics