Bug 203801
Summary: | LSPP- 'newrole' SELinux command getting 'SIGPIPE' with 40000 Chars | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | IBM Bug Proxy <bugproxy> | ||||||||
Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> | ||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 5.0 | CC: | dwalsh, iboverma, pgraner, sgrubb | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | s390x | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | beta2 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2006-12-23 00:04:06 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
IBM Bug Proxy
2006-08-23 19:47:00 UTC
Created attachment 134745 [details]
strace of newrole command
strace of newrole command
Created attachment 134746 [details]
ltrace of newrole command
ltrace of newrole command
----- Additional Comments From nasastry.com 2006-08-24 03:40 EDT ------- Same result with RHEL5_Alpha2 (KV 2.6.17-1.2519.4.5.el5) ----- Additional Comments From srinivds.com 2006-08-24 06:30 EDT ------- When we try to run the above newrole command with "mcstransd"(SELinux Context Translation System Daemon),2 write operations happens to /var/run/setrans/.setrans-unix socket(created by mcstransd). By the time one write operation finishes,read end of the socket is getting closed and hence second write operation is getting SIGPIPE. ======================================================================== connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, 110) = 0 writev(3, [{" newrole will now ignore sigpipe. Fixed in policycoreutils-1.30.27-3 ----- Additional Comments From salina.com 2006-08-31 15:46 EDT ------- Hi Daniel, Will you be placing the fix on Fedora too ? Before we get an official RHEL 5 beta 1 will Fedora be a good place to get a fixed package we can try .. since we are doing some pre-beta 1 testing any way. Currently I see policycoreutils-1.30.26-1.s390x.rpm http://download.fedora.redhat.com/pub/fedora/linux/core/development/s390x/os/Fed ora/RPMS/ Thanks Salina Chu LTC screen team Yes all development is in Fedora first. Most updates will not be in RHEL 5 beta 1 since that froze a few weeks ago. So packages will be available in Fedora. Created attachment 136009 [details]
libselinux patch to address this bug in general
This patch has been proposed upstream as a general solution for this bug, not
limited to newrole. It modifies the libselinux code that was triggering
SIGPIPE to use sendmsg() with MSG_NOSIGNAL rather than writev() so that if the
daemon closes its end of the connection prematurely, a normal error value will
be returned up to the caller rather than generating a SIGPIPE.
changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ACCEPTED |CLOSED ------- Additional Comments From nasastry.com 2006-10-10 07:25 EDT ------- Tested against latest code drop KV 2.6.18-1.2702.el5. newrole command is not giving SIGPIPE. # rpm -qa | grep selinux libselinux-1.30.28-2 libselinux-devel-1.30.28-2 libselinux-1.30.28-2 libselinux-python-1.30.28-2 selinux-policy-targeted-2.3.16-2 libselinux-devel-1.30.28-2 selinux-policy-2.3.16-2 Closing this bugzilla report. Thanks!! A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. ----- Additional Comments From salina.com 2006-12-23 14:55 EDT ------- problem already closed at IBM. Thanks |