Package: logrotate Version: 3.14.0-3 Severity: normal Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate *** Yesterday on my servers the logrotate package was updated. The change in this upgrade was the migration from invocation by cron to a systemd timer. This night logrotate tried to run and do its job, and failed: Aug 28 00:00:01 fu.fsck.at logrotate[14276]: error: Compressing program wrote following message to stderr when compressing log /var/log/syslog.1: Aug 28 00:00:01 fu.fsck.at logrotate[14276]: /bin/gzip: error while loading shared libraries: cannot restore segment prot after reloc: Operation not permitted Aug 28 00:00:01 fu.fsck.at logrotate[14276]: error: failed to compress log /var/log/syslog.1 I encountered this error on all i686 systems, but not on the amd64 systems. Some results from googling indicate that this might be related to SELinux. I do not use SELinux, but apparmor. However, there are no rules active related to logrotate or gzip. After reading https://github.com/systemd/systemd/issues/5400 I suspect that MemoryDenyWriteExecute in the logrotate.service file is causing this. -- Package-specific info: Contents of /etc/logrotate.d total 40 -rw-r--r-- 1 root root 120 Oct 21 2017 alternatives -rw-r--r-- 1 root root 442 Sep 3 2017 apache2 -rw-r--r-- 1 root root 173 Aug 6 2012 apt -rw-r--r-- 1 root root 130 Aug 21 22:23 btmp -rw-r--r-- 1 root root 112 Oct 21 2017 dpkg -rw-r--r-- 1 root root 313 Mar 19 2014 fail2ban -rw-r--r-- 1 root root 120 Nov 27 2014 munin-node -rw-r--r-- 1 root root 501 Jul 1 2017 rsyslog -rw-r--r-- 1 root root 235 May 27 2015 unattended-upgrades -rw-r--r-- 1 root root 145 Feb 19 2018 wtmp -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 4.17.0-3-686-pae (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages logrotate depends on: ii cron [cron-daemon] 3.0pl1-130 ii libacl1 2.2.52-3+b1 ii libc6 2.27-5 ii libpopt0 1.16-11 ii libselinux1 2.8-1+b1 ii systemd-sysv 239-7 Versions of packages logrotate recommends: ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-1 logrotate suggests no packages. -- no debconf information