Bug 368041

Summary: No output from lvm commands
Product: Red Hat Enterprise Linux 5
Component: lvm2
Version: 5.0
Hardware: x86_64
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Reporter: Olle Liljenzin <olle>
Assignee: Milan Broz <mbroz>
QA Contact: Corey Marthaler <cmarthal>
CC: agk, dwysocha, jbrassow, mbroz, prockai, pvrabec
Doc Type: Bug Fix
Last Closed: 2008-01-04 11:59:59 UTC
Attachments: audit.log from 'lvm help' with selinux enforced

Description Olle Liljenzin 2007-11-06 09:26:47 UTC
Description of problem:
No output is printed to the terminal from lvm commands (lvdisplay, vgdisplay etc.) 

Version-Release number of selected component (if applicable):
lvm2-2.02.16-3.el5
kernel-2.6.18-8.1.8.el5

How reproducible:
Always

Steps to Reproduce:
1. rlogin <hostname>
2. /usr/sbin/lvm help
  
Actual results:
command completes silently

Expected results:
help text should be displayed

Additional info:
The rlogin is not needed to reproduce in fc6.

strace shows that the process is writing the help text to fd 2 as usual, but the
output is just gone.

Comment 1 Alasdair Kergon 2007-11-06 13:40:53 UTC
What about other commands that write to stderr - do they have similar problems?
Is selinux enabled - if so, can you reproduce without?

Comment 2 Olle Liljenzin 2007-11-06 22:41:44 UTC
Other programs can write to stderr.

It appears to be an selinux issue as you suggest, at least in fc6 where I had
immediate access to a machine where I could disable it. (I will try disabling it
also in RHEL5 to verify, but it has to wait until tomorrow.)

But selinux not allowing terminal output from lvm commands seems a bit
restrictive, or is it just me getting hit by this?


Comment 3 Olle Liljenzin 2007-11-07 13:22:50 UTC
I have verified it is selinux by making a clean installation of rhel5 by these
steps:

1. Install rhel5 x86_64 client with selinux enforced
2. install rsh-server
3. enable rlogin in /etc/xinetd.d/rlogin
4. add rlogin to /etc/securetty
5. start xinetd
6. run 'lvm help' (help text is printed)
7. rlogin localhost
8. run 'lvm help' (help text is not printed)
9. run 'setenforce 0'
10. run 'lvm help' (help text is printed)

Comment 4 Alasdair Kergon 2007-11-07 13:43:05 UTC
So ensure selinux is logging failures and see what the precise error messages are.

Comment 5 Olle Liljenzin 2007-11-07 19:41:04 UTC
type=AVC msg=audit(1194462466.874:404): avc:  denied  { read write } for pid=11867 comm="lvm" name="10" dev=devpts ino=12 scontext=root:system_r:lvm_t:s0 tcontext=root:object_r:rlogind_devpts_t:s0 tclass=chr_file

I will attach the related part of audit.log as a file.
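
Added example, not part of the original bug thread: a small Python parser for AVC records like the one in Comment 5, pulling out the source and target SELinux types and counting denials per (source type, target type, class, permissions). The function names are hypothetical, and the sample input is the Comment 5 record rejoined onto one line.

```python
import re
from collections import Counter

# AVC record from Comment 5, rejoined onto one line (sample input for this example).
SAMPLE = (
    'type=AVC msg=audit(1194462466.874:404): avc:  denied  { read write } for '
    'pid=11867 comm="lvm" name="10" dev=devpts ino=12 '
    'scontext=root:system_r:lvm_t:s0 '
    'tcontext=root:object_r:rlogind_devpts_t:s0 tclass=chr_file'
)

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec.update(result=m.group('result'), perms=m.group('perms').split(),
               timestamp=float(m.group('ts')), serial=int(m.group('serial')))
    # A context is user:role:type[:level]; policy rules are keyed on the type.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':', 3)
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(lines):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec and rec['result'] == 'denied':
            counts[(rec['scontext_type'], rec['tcontext_type'],
                    rec['tclass'], ' '.join(sorted(rec['perms'])))] += 1
    return counts


if __name__ == '__main__':
    for (src, tgt, cls, perms), n in summarize([SAMPLE]).items():
        print(f'{n}x {src} -> {tgt}:{cls} {{ {perms} }}')
```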

Comment 6 Olle Liljenzin 2007-11-07 19:42:36 UTC
Created attachment 250671 [details]
audit.log from 'lvm help' with selinux enforced

Comment 7 Olle Liljenzin 2007-11-08 14:43:14 UTC
I understand now that I have reported this on the wrong component, but is it
rsh-server or selinux-policy or some other component that should have it?

I was first hit by this in fc6 and it confused me that auditd in fc6 was silent
and rlogin wasn't involved. I guess the fix for fc6 is an upgrade to f7.

(But why isn't the write call failing when selinux blocks the output?)

Comment 8 Olle Liljenzin 2007-11-10 09:55:45 UTC
I have created a new bz 374431 on the component selinux-policy and want to make
this bz a duplicate of the new one.

Bugzilla says: You tried to change the Status field from NEW to CLOSED, but only
the owner or submitter of the bug, or a autorized user, may change that field.

AFAIK I am the submitter of the bug.

Comment 9 Milan Broz 2008-01-04 11:59:59 UTC
Closing as duplicate per comment #8.

*** This bug has been marked as a duplicate of 374431 ***