Bug#907505: /bin/gzip: error while loading shared libraries: cannot restore segment prot after reloc

Tue, 28 Aug 2018 13:42:28 -0700 

Package: logrotate
Version: 3.14.0-3
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Yesterday on my servers the logrotate package was updated. The change in this
upgrade was the migration from invocation by cron to a systemd timer. This
night logrotate tried to run and do its job, and failed:

Aug 28 00:00:01 fu.fsck.at logrotate[14276]: error: Compressing program wrote 
following message to stderr when compressing log /var/log/syslog.1:
Aug 28 00:00:01 fu.fsck.at logrotate[14276]: /bin/gzip: error while loading 
shared libraries: cannot restore segment prot after reloc: Operation not 
permitted
Aug 28 00:00:01 fu.fsck.at logrotate[14276]: error: failed to compress log 
/var/log/syslog.1

I encountered this error on all i686 systems, but not on the amd64 systems.

Some results from googling indicate that this might be related to SELinux.
I do not use SELinux, but apparmor. However, there are no rules active
related to logrotate or gzip.

After reading https://github.com/systemd/systemd/issues/5400 I suspect that
MemoryDenyWriteExecute in the logrotate.service file is causing this.


-- Package-specific info:
Contents of /etc/logrotate.d
total 40
-rw-r--r-- 1 root root 120 Oct 21  2017 alternatives
-rw-r--r-- 1 root root 442 Sep  3  2017 apache2
-rw-r--r-- 1 root root 173 Aug  6  2012 apt
-rw-r--r-- 1 root root 130 Aug 21 22:23 btmp
-rw-r--r-- 1 root root 112 Oct 21  2017 dpkg
-rw-r--r-- 1 root root 313 Mar 19  2014 fail2ban
-rw-r--r-- 1 root root 120 Nov 27  2014 munin-node
-rw-r--r-- 1 root root 501 Jul  1  2017 rsyslog
-rw-r--r-- 1 root root 235 May 27  2015 unattended-upgrades
-rw-r--r-- 1 root root 145 Feb 19  2018 wtmp


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.17.0-3-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages logrotate depends on:
ii  cron [cron-daemon]  3.0pl1-130
ii  libacl1             2.2.52-3+b1
ii  libc6               2.27-5
ii  libpopt0            1.16-11
ii  libselinux1         2.8-1+b1
ii  systemd-sysv        239-7

Versions of packages logrotate recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20180807cvs-1

logrotate suggests no packages.

-- no debconf information

Reply via email to