Bug 487280
Summary: | Monitoring and MonitoringScout should not print messages during startup if disabled | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Michael Mráka <mmraka> |
Component: | Monitoring | Assignee: | Miroslav Suchý <msuchy> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Michael Mráka <mmraka> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 530 | CC: | jmatthew, jpazdziora |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sat530 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-10 18:49:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 463877 |
Description
Michael Mráka
2009-02-25 10:05:03 UTC
*** This bug has been marked as a duplicate of bug 474563 *** Reopening as: A) You can't close dupe across product lines, and B) The one it is duping against is 0.6, and this was aligned against 5.3. Commited as 4d6896012e5835a981beed930f96c0350ac63409 Fixed in package SatConfig-general-1.216.8-1 Monitor Scout now start as: Starting MonitoringScout ... Starting InstallSoftwareConfig ... [ OK ] Starting NPBootstrap ... [ OK ] Starting SputLite ... [ OK ] Starting Dequeuer ... [ OK ] Starting Dispatcher ... [ OK ] [ OK ] And Monitoring now start as: Starting Monitoring ... Starting InstallSoftwareConfig ... [ OK ] Starting GenerateNotifConfig ... [ OK ] Starting NotifEscalator ... [ OK ] Starting NotifLauncher ... [ OK ] Starting Notifier ... [ OK ] Starting AckProcessor ... [ OK ] Starting TSDBLocalQueue ... [ OK ] [ OK ] This is however not ideal, since the service Monitoring and MonitoringScout start others sub-service. Idealy each sub-service will be independent service and we use /etc/rc.d/init.d/functions for starting and stopping. But this will requires rewrite monitoring init.d scripts which can potentionaly lead to more Monitoring breakage, which I do not suggest to do right now. Mass moving to ON_QA FYI, with SatConfig-general-1.216.8-1.el5sat on Satellite-5.3.0-RHEL5-re20090306.2-i386, I still see type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481416.890:23): avc: denied { read write } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481417.218:24): avc: denied { ioctl } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235481417.218:24): avc: denied { sys_tty_config } for pid=3022 comm="Monitoring" capability=26 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:system_r:spacewalk_monitoring_t:s0 tclass=capability type=AVC msg=audit(1235481419.449:25): avc: denied { getattr } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file in audit.log upon restart. I meant reboot. You can also see these AVCs if you run /usr/sbin/rhn-satellite start on console (vmware console): type=AVC msg=audit(1235482041.994:65): avc: denied { read write } for pid=4965 comm="Monitoring" name="tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file type=AVC msg=audit(1235482042.000:66): avc: denied { ioctl } for pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file type=AVC msg=audit(1235482042.731:67): avc: denied { getattr } for pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file Jan solved the SElinux issue in 883d0398abac9155216864c8e62cfd4e6ec39a55 Will be fixed in spacewalk-monitoring-selinux-0.5.5 Verified. Satellite-5.3.0-RHEL5-re20090327.0 [root@xen30 ~]# service Monitoring stop Stopping Monitoring ... Stopping TSDBLocalQueue ... [ OK ] Stopping AckProcessor ... [ OK ] Stopping Notifier ... [ OK ] Stopping NotifLauncher ... [ OK ] Stopping NotifEscalator ... [ OK ] Stopping GenerateNotifConfig ... [ OK ] Stopping InstallSoftwareConfig ... [ OK ] [ OK ] [root@xen30 ~]# service MonitoringScout stop Stopping MonitoringScout ... [ OK ] [ OK ] [root@xen30 ~]# service Monitoring start Starting Monitoring ... Starting InstallSoftwareConfig ... [ OK ] Starting GenerateNotifConfig ... [ OK ] Starting NotifEscalator ... [ OK ] Starting NotifLauncher ... [ OK ] Starting Notifier ... [ OK ] Starting AckProcessor ... [ OK ] Starting TSDBLocalQueue ... [ OK ] [ OK ] [root@xen30 ~]# service MonitoringScout start Starting MonitoringScout ... [ OK ] [ OK ] [root@xen30 ~]# grep AVC.*Monitoring /var/log/audit/audit.log <no output> RELEASE_PENDING Running against Satellite-5.3.0-RHEL5-re20090724.0-i386-embedded-oracle.iso registered to stage monitoring has not been enabled as per testplan in description [root@sun-x4200-01 ~]# service Monitoring stop Stopping Monitoring ... [ OK ] [root@sun-x4200-01 ~]# service MonitoringScout stop Stopping MonitoringScout ... [ OK ] [root@sun-x4200-01 ~]# service Monitoring start Starting Monitoring ... [ OK ] [root@sun-x4200-01 ~]# service MonitoringScout start Starting MonitoringScout ... [ OK ] [root@sun-x4200-01 ~]# grep AVC.*Monitoring /var/log/audit/audit.log [root@sun-x4200-01 ~]# An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |