Looks good to me.

I have this in MySQL:
    /usr/bin/kill -USR1 $(systemctl show --property MainPID --value mysqld)
https://src.fedoraproject.org/rpms/mysql8.4/blob/e1dd80/f/mysql-flush-logrotate.patch#_33

but the 'systemctl kill' looks like an elegant update I can use.

Michal

--

Michal Schorm
Software Engineer
Databases Team
Red Hat

--

On Sun, May 25, 2025 at 12:17 AM Marcos Mello <marcos...@gmail.com> wrote:
>
> Some packages install logrotate configuration snippets with postrotate 
> scripts that call:
>
> ```
> kill -<signal> `cat /run/<pidfile> 2>/dev/null` 2>/dev/null || true
> ```
>
> A non-comprehensive list: php-fpm, nginx, syslog-ng. The CONFIGURATION FILE 
> section of the logrotate(8) man page includes an example of this type of 
> construction.
>
> https://src.fedoraproject.org/rpms/php/blob/rawhide/f/php-fpm.logrotate
> https://src.fedoraproject.org/rpms/nginx/blob/rawhide/f/nginx.logrotate
> https://src.fedoraproject.org/rpms/syslog-ng/blob/rawhide/f/syslog-ng.logrotate
>
> This seems wasteful to me, as systemd *already knows* the daemon's main PID 
> (even when there's no pidfile) and can achieve the same result with:
>
> ```
> systemctl kill --signal=<signal> --kill-who=main <service> 2>/dev/null || true
> ```
>
> (since systemd 252, the option has been renamed to `--kill-whom`, and 
> `--kill-who` remains supported for compatibility)
>
> A long time ago, I opened a bug to change this for Nginx, but at the time, 
> SELinux policy didn't allow it, and the change was reverted.
>
> Adjusting the SELinux policy to allow the use of `systemctl kill` in these 
> cases would be beneficial, as the current policy 
> (selinux-policy-targeted-41.40-1.fc42.noarch) still denies it:
>
> ```
> type=USER_AVC msg=audit(1748111593.330:131): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { stop } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/php-fpm.service" cmdline="" function="bus_unit_method_kill" scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:httpd_unit_file_t:s0 tclass=service permissive=1 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'UID="root" AUID="unset" AUID="root" UID="root" GID="root" SAUID="root"
> ```
>
> Does this make sense to you? Should I start filing bugs about this?
> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
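
As an added illustration (not code from this thread or from any Fedora package), the following Python example parses the USER_AVC record quoted above and reduces it to the access vector it reports: source type, target type, object class and permission. The function names, the dictionary keys and the audit2allow-style `rule` string are choices made for this example.

```python
import re

# Constructed sample: the USER_AVC record quoted in the thread, on one line (trailing UID=... fields dropped).
SAMPLE = (
    "type=USER_AVC msg=audit(1748111593.330:131): pid=1 uid=0 auid=4294967295 "
    "ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { stop } "
    'for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/php-fpm.service" '
    'cmdline="" function="bus_unit_method_kill" '
    "scontext=system_u:system_r:logrotate_t:s0 "
    "tcontext=system_u:object_r:httpd_unit_file_t:s0 tclass=service permissive=1 "
    'exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?\''
)


def _field(record, key):
    """Return the value of key=value or key="value" in the record, else None."""
    m = re.search(r"(?<!\w)" + re.escape(key) + r'=(?:"([^"]*)"|(\S+))', record)
    return None if m is None else (m.group(1) if m.group(1) is not None else m.group(2))


def parse_user_avc(record):
    """Reduce one USER_AVC line to its access vector; None if it is not one."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}", record)
    src, tgt = _field(record, "scontext"), _field(record, "tcontext")
    tclass = _field(record, "tclass")
    if not (record.startswith("type=USER_AVC") and m and src and tgt and tclass):
        return None
    # An SELinux context is user:role:type[:level]; the type is the third field.
    s, t = src.split(":"), tgt.split(":")
    if len(s) < 3 or len(t) < 3:
        return None
    perms = m.group(2).split()
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return {
        "decision": m.group(1),
        "perms": perms,
        "source_type": s[2],
        "target_type": t[2],
        "tclass": tclass,
        "unit": _field(record, "path"),          # unit file whose label was checked
        "function": _field(record, "function"),  # systemd function that made the check
        # permissive=1: the denial was logged but the request was not blocked.
        "enforced": _field(record, "permissive") == "0",
        "rule": f"allow {s[2]} {t[2]}:{tclass} {perm_text};",
    }


if __name__ == "__main__":
    for key, value in parse_user_avc(SAMPLE).items():
        print(f"{key}: {value}")
```

For the quoted record the `rule` value is `allow logrotate_t httpd_unit_file_t:service stop;`, which shows that `systemctl kill` from `logrotate_t` is checked as the `stop` permission on the unit file's label. `enforced` is false there because the record carries `permissive=1`.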
