Bug 1712053
| Summary: | tmux session not attached automatically during manual installation on s390x | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Stodola <jstodola> | ||||
| Component: | openssh | Assignee: | Jakub Jelen <jjelen> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.7 | CC: | amarecek, dapospis, jomurphy, omoris, szidek | ||||
| Target Milestone: | beta | Keywords: | BetaBlocker, Triaged | ||||
| Target Release: | --- | ||||||
| Hardware: | s390x | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openssh-7.4p1-20.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-08-06 12:57:51 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1670353 | ||||||
| Attachments: |
|
||||||
Created attachment 1571342 [details]
program.log
Reproduced on installed system with openssh-7.4p1-19.el7 configured in a similar way like the installation environment: (see https://github.com/weldr/lorax/blob/rhel7-branch/share/runtime-postinstall.tmpl#L78) [root@rtt7 ~]# useradd -u 0 -g 0 --non-unique -s /bin/false install [root@rtt7 ~]# passwd install Changing password for user install. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. [root@rtt7 ~]# grep install /etc/passwd install:x:0:0::/home/install:/bin/false [root@rtt7 ~]# Login as the "install" user is successful, although it should not be allowed due to "/bin/false" login shell: [jstodola@localhost ~]$ ssh install.105.198 Warning: Permanently added '10.16.105.198' (ECDSA) to the list of known hosts. install.105.198's password: Last login: Mon May 20 13:31:31 2019 from 10.43.17.23 [root@rtt7 ~]# The same steps on RHEL-7.6 with openssh-7.4p1-16.el7 work as expected, login is not successful: [jstodola@localhost ~]$ ssh install.105.197 Warning: Permanently added '10.16.105.197' (ECDSA) to the list of known hosts. install.105.197's password: Last login: Mon May 20 13:26:28 2019 from 10.43.17.23 Connection to 10.16.105.197 closed. [jstodola@localhost ~]$ Switching the component to openssh. It looks like the fix for #1674541 is wrong, I don't want to say on the first sight since I saw that patch few times before and it did not occur to me that it might be a problem. The pw structure that is updated needs to be copied, otherwise it will get updated by some other consecutive call to getpwnam or getpwuid(). Can you check that it works for you with the following scratch build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=21767044 This is indeed a big issue and I am glad we figured it out before the release. Unfortunately the scratch build from comment 6 doesn't fix the problem: [jstodola@localhost ~]$ ssh install.105.197 Warning: Permanently added '10.16.105.197' (ECDSA) to the list of known hosts. install.105.197's password: Last login: Tue May 21 04:49:32 2019 from 10.43.17.23 [root@rtt6 ~]# rpm -q openssh-server openssh-server-7.4p1-19.1.el7.s390x [root@rtt6 ~]# grep install /etc/passwd install:x:0:0::/home/install:/bin/false [root@rtt6 ~]# I modified the patch bit more, making sure that it does not free the old pw that is owned by the authctx structure and that it is copied using the same means as it was created. This is a scratch build (at least for CI) that should no longer have this problem. https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=21767841 In context of bug #1674541 I think for that one to work, we would need to be able to invalidate also the supplementary group list cache in uidswap.c, but there is no sensible API at this moment to do that properly. The other possibility is to revert the patch completely, since it was not possible to verify that it solves the underlying problem so far. Anyway, I plan to fix this later today. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2143 |
Description of problem: tmux session is not attached automatically when the user connects to the installation environment via ssh (ssh install@machine) to continue with the installation on s390x: [jstodola@localhost ~]$ ssh install.105.198 Warning: Permanently added '10.16.105.198' (ECDSA) to the list of known hosts. -bash: /sbin/consoletype: No such file or directory [anaconda root@rtt7 ~]# You can see that tmux is running: [anaconda root@rtt7 ~]# pstree systemd-+-NetworkManager---2*[{NetworkManager}] |-agetty |-bash |-dbus-daemon---{dbus-daemon} |-lvmetad |-multipathd---5*[{multipathd}] |-polkitd---6*[{polkitd}] |-rngd |-rsyslogd---3*[{rsyslogd}] |-sshd---sshd---bash---pstree |-systemd-journal |-systemd-logind |-systemd-udevd `-tmux-+-anaconda---3*[{anaconda}] |-bash `-3*[tail] and it's possible to attach to it manually: [anaconda root@rtt7 ~]# grep install /etc/passwd install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda [anaconda root@rtt7 ~]# /usr/libexec/anaconda/run-anaconda Version-Release number of selected component (if applicable): RHEL-7.7-20190514.2 anaconda-21.48.22.154-1.el7 How reproducible: always Steps to Reproduce: 1. start manual installation on s390x 2. login via ssh to continue with the installation when asked (ssh install@machine) Actual results: tmux session is not attached to be able to continue with the installation (it's not possible to select text/VNC mode) Expected results: tmux session is attached automatically after login via ssh