Bug 487280
| Summary: | Monitoring and MonitoringScout should not print messages during startup if disabled | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Michael Mráka <mmraka> |
| Component: | Monitoring | Assignee: | Miroslav Suchý <msuchy> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Michael Mráka <mmraka> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 530 | CC: | jmatthew, jpazdziora |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sat530 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-10 18:49:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 463877 | ||
*** This bug has been marked as a duplicate of bug 474563 *** Reopening as: A) You can't close dupe across product lines, and B) The one it is duping against is 0.6, and this was aligned against 5.3. Commited as 4d6896012e5835a981beed930f96c0350ac63409 Fixed in package SatConfig-general-1.216.8-1 Monitor Scout now start as: Starting MonitoringScout ... Starting InstallSoftwareConfig ... [ OK ] Starting NPBootstrap ... [ OK ] Starting SputLite ... [ OK ] Starting Dequeuer ... [ OK ] Starting Dispatcher ... [ OK ] [ OK ] And Monitoring now start as: Starting Monitoring ... Starting InstallSoftwareConfig ... [ OK ] Starting GenerateNotifConfig ... [ OK ] Starting NotifEscalator ... [ OK ] Starting NotifLauncher ... [ OK ] Starting Notifier ... [ OK ] Starting AckProcessor ... [ OK ] Starting TSDBLocalQueue ... [ OK ] [ OK ] This is however not ideal, since the service Monitoring and MonitoringScout start others sub-service. Idealy each sub-service will be independent service and we use /etc/rc.d/init.d/functions for starting and stopping. But this will requires rewrite monitoring init.d scripts which can potentionaly lead to more Monitoring breakage, which I do not suggest to do right now. Mass moving to ON_QA FYI, with SatConfig-general-1.216.8-1.el5sat on Satellite-5.3.0-RHEL5-re20090306.2-i386, I still see
type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481127.000:310): avc: denied { read write } for pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc: denied { read write } for pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481416.890:23): avc: denied { read write } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481417.218:24): avc: denied { ioctl } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481417.218:24): avc: denied { sys_tty_config } for pid=3022 comm="Monitoring" capability=26 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:system_r:spacewalk_monitoring_t:s0 tclass=capability
type=AVC msg=audit(1235481419.449:25): avc: denied { getattr } for pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
in audit.log upon restart.
I meant reboot. You can also see these AVCs if you run /usr/sbin/rhn-satellite start on console (vmware console):
type=AVC msg=audit(1235482041.994:65): avc: denied { read write } for pid=4965 comm="Monitoring" name="tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235482042.000:66): avc: denied { ioctl } for pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235482042.731:67): avc: denied { getattr } for pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
Jan solved the SElinux issue in 883d0398abac9155216864c8e62cfd4e6ec39a55 Will be fixed in spacewalk-monitoring-selinux-0.5.5 Verified. Satellite-5.3.0-RHEL5-re20090327.0 [root@xen30 ~]# service Monitoring stop Stopping Monitoring ... Stopping TSDBLocalQueue ... [ OK ] Stopping AckProcessor ... [ OK ] Stopping Notifier ... [ OK ] Stopping NotifLauncher ... [ OK ] Stopping NotifEscalator ... [ OK ] Stopping GenerateNotifConfig ... [ OK ] Stopping InstallSoftwareConfig ... [ OK ] [ OK ] [root@xen30 ~]# service MonitoringScout stop Stopping MonitoringScout ... [ OK ] [ OK ] [root@xen30 ~]# service Monitoring start Starting Monitoring ... Starting InstallSoftwareConfig ... [ OK ] Starting GenerateNotifConfig ... [ OK ] Starting NotifEscalator ... [ OK ] Starting NotifLauncher ... [ OK ] Starting Notifier ... [ OK ] Starting AckProcessor ... [ OK ] Starting TSDBLocalQueue ... [ OK ] [ OK ] [root@xen30 ~]# service MonitoringScout start Starting MonitoringScout ... [ OK ] [ OK ] [root@xen30 ~]# grep AVC.*Monitoring /var/log/audit/audit.log <no output> RELEASE_PENDING Running against Satellite-5.3.0-RHEL5-re20090724.0-i386-embedded-oracle.iso registered to stage monitoring has not been enabled as per testplan in description [root@sun-x4200-01 ~]# service Monitoring stop Stopping Monitoring ... [ OK ] [root@sun-x4200-01 ~]# service MonitoringScout stop Stopping MonitoringScout ... [ OK ] [root@sun-x4200-01 ~]# service Monitoring start Starting Monitoring ... [ OK ] [root@sun-x4200-01 ~]# service MonitoringScout start Starting MonitoringScout ... [ OK ] [root@sun-x4200-01 ~]# grep AVC.*Monitoring /var/log/audit/audit.log [root@sun-x4200-01 ~]# An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |
Description of problem: Monitoring and MonitoringScout services write a lot of messages during startup (or restart) even if those services are disabled. Moreover Monitoring generates AVC denials because it writes to the console (this is not a selinux problem; monitoring should not write there). Version-Release number of selected component (if applicable): Satellite-5.3.0-RHEL5-re20090220.1 How reproducible: Always Steps to Reproduce: 1. install satellite, don't touch monitoring setup (i.e. don't enable it) 2. service Monitoring stop 3. service MonitoringScout stop 4. service Monitoring start 5. service MonitoringScout start 6. grep AVC.*Monitoring /var/log/audit/audit.log Actual results: # service Monitoring stop 2009-02-25 10:59:09 Monitoring: Debug level = 0 2009-02-25 10:59:09 Monitoring: Switches: stop 2009-02-25 10:59:09 Monitoring: STOPPING 2009-02-25 10:59:09 Monitoring: STOPPED OK 2009-02-25 10:59:09 Monitoring: ============ STATUS =============== 2009-02-25 10:59:09 Monitoring: ---- Monitoring backend functionality is disabled 2009-02-25 10:59:09 Monitoring: ---- Monitoring scout functionality is disabled 2009-02-25 10:59:09 Monitoring: Last action: stop 2009-02-25 10:59:09 Monitoring: ** Installed for SysV startup ** 2009-02-25 10:59:09 Monitoring: STOPPED 2009-02-25 10:59:09 Monitoring: =================================== # service MonitoringScout stop 2009-02-25 11:00:50 MonitoringScout: Debug level = 0 2009-02-25 11:00:50 MonitoringScout: Switches: stop 2009-02-25 11:00:50 MonitoringScout: STOPPING 2009-02-25 11:00:50 MonitoringScout: STOPPED OK 2009-02-25 11:00:50 MonitoringScout: ============ STATUS =============== 2009-02-25 11:00:50 MonitoringScout: ---- Monitoring backend functionality is disabled 2009-02-25 11:00:50 MonitoringScout: ---- Monitoring scout functionality is disabled 2009-02-25 11:00:50 MonitoringScout: Last action: stop 2009-02-25 11:00:50 MonitoringScout: ** Installed for SysV startup ** 2009-02-25 11:00:50 MonitoringScout: STOPPED 2009-02-25 11:00:50 MonitoringScout: =================================== # service Monitoring start 2009-02-25 11:01:12 Monitoring: Debug level = 0 2009-02-25 11:01:12 Monitoring: Switches: start 2009-02-25 11:01:12 Monitoring: STARTING... 2009-02-25 11:01:12 Monitoring: STARTED OK 2009-02-25 11:01:12 Monitoring: ============ STATUS =============== 2009-02-25 11:01:12 Monitoring: ---- Monitoring backend functionality is disabled 2009-02-25 11:01:12 Monitoring: ---- Monitoring scout functionality is disabled 2009-02-25 11:01:12 Monitoring: Last action: start 2009-02-25 11:01:12 Monitoring: ** Installed for SysV startup ** 2009-02-25 11:01:12 Monitoring: STARTED and RUNNING 2009-02-25 11:01:12 Monitoring: =================================== # service MonitoringScout start 2009-02-25 11:01:37 MonitoringScout: Debug level = 0 2009-02-25 11:01:37 MonitoringScout: Switches: start 2009-02-25 11:01:37 MonitoringScout: STARTING... 2009-02-25 11:01:37 MonitoringScout: STARTED OK 2009-02-25 11:01:37 MonitoringScout: ============ STATUS =============== 2009-02-25 11:01:37 MonitoringScout: ---- Monitoring backend functionality is disabled 2009-02-25 11:01:37 MonitoringScout: ---- Monitoring scout functionality is disabled 2009-02-25 11:01:37 MonitoringScout: Last action: start 2009-02-25 11:01:37 MonitoringScout: ** Installed for SysV startup ** 2009-02-25 11:01:37 MonitoringScout: STARTED and RUNNING 2009-02-25 11:01:37 MonitoringScout: =================================== # grep AVC.*Monitoring /var/log/audit/audit.log type=AVC msg=audit(1235553463.095:21): avc: denied { read write } for pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235553463.307:22): avc: denied { ioctl } for pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file type=AVC msg=audit(1235553464.311:23): avc: denied { getattr } for pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file Expected results: no output on console, no messages in audit log Additional info: