You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4j-dev@logging.apache.org by Daniel John Debrunner <dj...@apache.org> on 2009/12/10 23:42:13 UTC
RollingFileAppender drops append mode after a rollover
In RollingFileAppender.rollOver() after a successful roll over is this
code to create the new active file:
187 if (renameSucceeded) {
188 try {
189 // This will also close the file. This is OK since multiple
190 // close operations are safe.
191 this.setFile(fileName, false, bufferedIO, bufferSize);
192 nextRollover = 0;
193 }
Note that false is always passed as the append mode at line 191
regardless of the value of the append property. This possibly causes
issues when running with SELinux and restricted file permissions as the
process now needs write permission, rather than just append. Allowing
just append ensures a process cannot overwrite its log file. I see this
has been raised back in 2004,
http://markmail.org/message/gfgz5nxatnd2akkx
but with no answer, and there does not seem to be a bugzilla entry for
it. I do see that RollingFileAppender overrides setFile() and uses the
append flag in that method, so maybe any fix is not as easy as changing
false to 'append' at line 191.
Any justification for dropping of the append status?
Thanks,
Dan.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org
Re: RollingFileAppender drops append mode after a rollover
Posted by Daniel John Debrunner <dj...@apache.org>.
Ceki Gülcü wrote:
> After a rollover, a new file has been created which necessarily of size
> zero on account of it being new.
So from a logger point of view, opening a newly created file with append
true or false is identical, so it seems there is no harm in carrying
the desired append mode through to the open that performs a create. I
tried this and the problem went away.
> The point about the appender needing
> write permissions is interesting but isn't write permission already
> required to rename the file as is done during roll over?
No, rename requires the 'rename' permission in SELinux.
Thanks,
Dan.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org
Re: RollingFileAppender drops append mode after a rollover
Posted by Ceki Gülcü <ce...@qos.ch>.
Daniel John Debrunner wrote:
> In RollingFileAppender.rollOver() after a successful roll over is this
> code to create the new active file:
>
> 187 if (renameSucceeded) {
> 188 try {
> 189 // This will also close the file. This is OK since multiple
> 190 // close operations are safe.
> 191 this.setFile(fileName, false, bufferedIO, bufferSize);
> 192 nextRollover = 0;
> 193 }
>
> Note that false is always passed as the append mode at line 191
> regardless of the value of the append property. This possibly causes
> issues when running with SELinux and restricted file permissions as the
> process now needs write permission, rather than just append. Allowing
> just append ensures a process cannot overwrite its log file. I see this
> has been raised back in 2004,
>
> http://markmail.org/message/gfgz5nxatnd2akkx
>
> but with no answer, and there does not seem to be a bugzilla entry for
> it. I do see that RollingFileAppender overrides setFile() and uses the
> append flag in that method, so maybe any fix is not as easy as changing
> false to 'append' at line 191.
>
> Any justification for dropping of the append status?
Hello Dan,
After a rollover, a new file has been created which necessarily of size zero on
account of it being new. The point about the appender needing write permissions
is interesting but isn't write permission already required to rename the file as
is done during roll over?
> Thanks,
> Dan.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org
Re: RollingFileAppender drops append mode after a rollover
Posted by Daniel John Debrunner <dj...@apache.org>.
Daniel John Debrunner wrote:
> In RollingFileAppender.rollOver() after a successful roll over is this
[snip]
On further debugging, I found out the code is using RollingFileAppender
from extras and
not the base (ie. org.apache.log4j.rolling.RollingFileAppender).
The same issue exists there but with a different codepath, now the
implementations of RollingPolicy.rollover() always return a
RolloverDescription with append set to false, e.g. line 189 of
FixedWindowRollingPolicy has:
return new RolloverDescriptionImpl(
currentFileName, false, renameAction, compressAction);
Note the false hard-coded for append, so the question still is ...
> Any justification for dropping of the append status?
Dan.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org