Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-42508

rsyslog reports configuration issues to /dev/null, which doesn't help undertstanding root cause

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • rhel-8.10, rhel-9.4
    • rsyslog
    • None
    • None
    • Moderate
    • rhel-sst-security-special-projects
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      When some rsyslog configuration file is not readable (e.g. because of some invalid SELinux context), the service fails to start but no error is displayed, which makes it difficult to troubleshoot:

       :
Jun 17 12:41:36 vm-rhel9 systemd[1]: Starting System Logging Service...
Jun 17 12:41:36 vm-rhel9 systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
Jun 17 12:41:36 vm-rhel9 systemd[1]: rsyslog.service: Failed with result 'exit-code'.
Jun 17 12:41:36 vm-rhel9 systemd[1]: Failed to start System Logging Service.
Jun 17 12:41:37 vm-rhel9 systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 4.
Jun 17 12:41:37 vm-rhel9 systemd[1]: Stopped System Logging Service.
Jun 17 12:41:37 vm-rhel9 systemd[1]: Starting System Logging Service...
 :

      strace shows the error goes to /dev/null:

       :
1464  12:50:24.044563 write(2</dev/null<char 1:3>>, "rsyslogd: could not open config file '/etc/rsyslog.conf': Permission denied [v8.2310.0-4.el9 try https://www.rsyslog.com/e/2104 "..., 130) = 130 <0.000007>
1464  12:50:24.045875 write(2</dev/null<char 1:3>>, "rsyslogd: run failed with error -2104 (see rsyslog.h or try https://www.rsyslog.com/e/2104 to learn what that number means)\n", 124) = 124 <0.000005>
1465  12:50:24.337974 write(2</dev/null<char 1:3>>, "rsyslogd: could not open config file '/etc/rsyslog.conf': Permission denied [v8.2310.0-4.el9 try https://www.rsyslog.com/e/2104 "..., 130) = 130 <0.000007>
1465  12:50:24.339277 write(2</dev/null<char 1:3>>, "rsyslogd: run failed with error -2104 (see rsyslog.h or try https://www.rsyslog.com/e/2104 to learn what that number means)\n", 124) = 124 <0.000005>
 :

      Please provide the package NVR for which bug is seen:

      All rsyslog releases

      How reproducible:

      Always

      Steps to reproduce

      1. Modify the context of /etc/rsyslog.conf for it to not be readable 
        # chcon -t user_home_t /etc/rsyslog.conf
      2. Start the service

      Expected results

      Error displayed in the journal

      Actual results

      No error message seen, just service failing to start in loop

              rh-ee-alakatos Attila Lakatos
              rhn-support-rmetrich Renaud Métrich
              Attila Lakatos Attila Lakatos
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: