hook script piping to file has no content when borgmatic is run from cron #374
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#374
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
I am doing backups of KVM virtual machines using borgmatic and hook script.
The script creates VM snapshots and dumps VM configuration by piping "virsh dumpxml" command output to a file.
I am not sure at all this is borgmatic issue but when borgmatic is run from cron, created xml configuration files are empty.
To say that differently:
OK - hook script run from command line - xml dump files are created and have content.
OK - borgmatic run from command line - xml dump files are created and have content.
NOK - borgmatic run from cron - xml dump files are created but have zero size.
Steps to reproduce (if a bug)
borgmatic configuration:
Part of the hook script - function that creates xml dumps:
cron job
Actual behavior (if a bug)
virsh dumpxml produces empty files when script is executed via cron.
If borgmatic is run from command line
xml files have content:
If borgmatic is started from cron, then xml files are empty.
cron log
syslog
but resulting files have 0 size
Note that timestamps match cronjob execution time.
Expected behavior (if a bug)
xml files from virsh dumpxml command have content.
Other notes / implementation ideas
Environment
borgmatic version: 1.5.12
borgmatic installation method:
System-wide pip installation.
Borg version: borg 1.1.14
Python version: Python 3.6.8
Database version (if applicable): N/A
operating system and version: CentOS Linux release 7.9.2009 (Core)
And just when I spent an hour creatng this report I suddenly realized I have to check selinux logs. And bom - there I have related entries:
type=AVC msg=audit(1607068202.425:538902): avc: denied { write } for pid=13789 comm="virsh" path="/var/lib/libvirt/xml/tftp.xml" dev="dm-1" ino=21409 scontext=system_u:system_r:virsh_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1607068202.548:538904): avc: denied { write } for pid=13916 comm="virsh" path="/var/lib/libvirt/xml/sf.xml" dev="dm-1" ino=21408 scontext=system_u:system_r:virsh_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1607068202.943:538914): avc: denied { write } for pid=14015 comm="virsh" path="/var/lib/libvirt/xml/im-replica.xml" dev="dm-1" ino=2266431 scontext=system_u:system_r:virsh_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1607068203.079:538916): avc: denied { write } for pid=14032 comm="virsh" path="/var/lib/libvirt/xml/im.xml" dev="dm-1" ino=20121 scontext=system_u:system_r:virsh_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1607068203.213:538926): avc: denied { write } for pid=14050 comm="virsh" path="/var/lib/libvirt/xml/tiger.xml" dev="dm-1" ino=21421 scontext=system_u:system_r:virsh_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Please close this issue, it is not borgmatic, but selinux permission problem.