In RollingFileAppender.rollOver() after a successful roll over is this
code to create the new active file:
187 if (renameSucceeded) {
188 try {
189 // This will also close the file. This is OK since multiple
190 // close operations are safe.
191 this.setFile(fileName, false, bufferedIO, bufferSize);
192 nextRollover = 0;
193 }
Note that false is always passed as the append mode at line 191
regardless of the value of the append property. This possibly causes
issues when running with SELinux and restricted file permissions as the
process now needs write permission, rather than just append. Allowing
just append ensures a process cannot overwrite its log file. I see this
has been raised back in 2004,
http://markmail.org/message/gfgz5nxatnd2akkx
but with no answer, and there does not seem to be a bugzilla entry for
it. I do see that RollingFileAppender overrides setFile() and uses the
append flag in that method, so maybe any fix is not as easy as changing
false to 'append' at line 191.
Any justification for dropping of the append status?
Thanks,
Dan.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
