Bug 224190

type=AVC msg=audit(1169585959.102:12): avc:  denied  { write } for  pid=2307
comm="aisexec" name="ringid_10.15.89.174" dev=dm-0 ino=2284808
scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file

type=AVC msg=audit(1169585021.617:10): avc:  denied  { write } for  pid=2352
comm="aisexec" name="sbin" dev=dm-0 ino=1305602
scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir

After speaking with Dan about this problem, it could be a problem with the
parent process that doesn't close all of its open file descriptors before
forking and execing.  This could potentially be a problem with cman_tool which
should be investigated.

Dan suggested adding the following fcntl's for the files that are left open.

*dwalsh* Make that  fcntl(fd, F_SETFL, FD_CLOEXEC);
*dwalsh* Before you exec

Seems the writing to /sbin is caused by the application attempting to dump core.
 So I think openais is crashing and SELinux will not allow it to drop core.

From the resulting core file (attached to this bz):

 gdb aisexec core.2236
GNU gdb Red Hat Linux (6.5-16.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/libexec/lcrso/objdb.lcrso...
(no debugging symbols found)...done.
Loaded symbols for /usr/libexec/lcrso/objdb.lcrso
Reading symbols from /usr/libexec/lcrso/service_cman.lcrso...(no debugging
symbols found)...done.
Loaded symbols for /usr/libexec/lcrso/service_cman.lcrso
Reading symbols from /lib/libnss_files.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_dns.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /lib/libresolv.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib/libresolv.so.2
(no debugging symbols found)
Core was generated by `aisexec'.
Program terminated with signal 11, Segmentation fault.
#0  0x004d8353 in strlen () from /lib/libc.so.6

Created attachment 146684 [details]
openais (aisexec) core file

core caused by cman/selinux interaction in some way:

Core was generated by `aisexec'.
Program terminated with signal 11, Segmentation fault.
#0  0x004d8353 in strlen () from /lib/libc.so.6
(gdb) where
#0  0x004d8353 in strlen () from /lib/libc.so.6
#1  0x00e5067c in ais_add_ifaddr () from /usr/libexec/lcrso/service_cman.lcrso
#2  0x00e55101 in process_barrier_msg ()
   from /usr/libexec/lcrso/service_cman.lcrso
#3  0x00e55e82 in read_ccs_config () from /usr/libexec/lcrso/service_cman.lcrso
#4  0x00e50c09 in ais_add_ifaddr () from /usr/libexec/lcrso/service_cman.lcrso
#5  0x08061194 in main () at main.c:458
(gdb)


Possible blocker since segfault occurs when se linux configured enforcing.

Attempted to duplicate on the smoke cluster.  Could not duplicate by setting
enforcing/targeted mode.  Must be some other environmental condition in the
system that is being tested.  Need access to hardware/platform that is causing
the problem.  More information needed about how openais is started.  From some
conversations it appears cman is not started via the service cman start script
but started in some other way.

Attempted to recreate on the tng3 cluster (lab.msp.redhat.com) - I was able to
cause the core dump by creating a new cluster via Conga on Jab 15, but not today.

Fix in openais 0.80.3 which is in the 5.1 RC tree.

Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.

If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

This bug has been in NEEDINFO for more than 30 days since feedback was
first requested. As a result we are closing it.

If you can reproduce this bug in the future against a maintained Fedora
version please feel free to reopen it against that version.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp