Bug 524983

Summary: v7 Network server blocked from working by SELinux
Product: Red Hat Hardware Certification Program Reporter: Gary Case <gcase>
Component: Test Suite (tests)Assignee: Greg Nichols <gnichols>
Status: CLOSED WONTFIX QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 1.0CC: akodenkiri, bbrock, bugproxy, chau.nguyen2, czhang, dparikh, gbai, rlandry, sdenham, yuchen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1092696 (view as bug list) Environment:
Last Closed: 2013-05-24 11:50:26 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1092696, 767775, 773757    
Attachments:
Description Flags
output from SELinux detailing the v7 error
none
daemon mode test implementation
none
network test output - both client and server have v7-1.3.19
none
console messages on v7 network test
none
network test console messages running with v7 server selinux disabled.
none
network test patch adding warning about selinux on server start none

Description Gary Case 2009-09-22 17:32:38 EDT
Created attachment 362138 [details]
output from SELinux detailing the v7 error

Description of problem:
v7 Network server fails to function due to SELinux errors.

Version-Release number of selected component (if applicable):
v7-1.0-15.el5

How reproducible:
Every time

Steps to Reproduce:
1. Install v7.
2. Run v7 server start.
3. Attempt to use machine as network test server.
4. Errors occur.
  
Actual results:


Expected results:


Additional info:
Comment 1 Rob Landry 2010-03-05 16:35:57 EST
Greg, is this a duplicate of bz#521609 or at least the same fix will be required?
Comment 3 Greg Nichols 2010-04-07 21:02:11 EDT
Created attachment 405142 [details]
daemon mode test implementation

This patch is an implementation that explores use of cgi communication with a separate server deamon process used to carry out commands.
Comment 6 Greg Nichols 2010-10-08 08:31:37 EDT
*** Bug 641150 has been marked as a duplicate of this bug. ***
Comment 7 Greg Nichols 2011-03-24 08:46:18 EDT
*** Bug 690363 has been marked as a duplicate of this bug. ***
Comment 8 Greg Nichols 2011-04-05 09:35:41 EDT
*** Bug 692775 has been marked as a duplicate of this bug. ***
Comment 9 Greg Nichols 2011-04-13 09:16:56 EDT
*** Bug 692576 has been marked as a duplicate of this bug. ***
Comment 10 IBM Bug Proxy 2011-04-13 09:27:09 EDT
Created attachment 491758 [details]
network test output - both client and server have v7-1.3.19
Comment 11 IBM Bug Proxy 2011-04-13 09:27:13 EDT
Created attachment 491759 [details]
console messages on v7 network test
Comment 12 IBM Bug Proxy 2011-04-13 09:27:16 EDT
Created attachment 491760 [details]
network test console messages running with v7 server selinux disabled.
Comment 13 IBM Bug Proxy 2011-04-13 13:32:10 EDT
------- Comment From hienn@us.ibm.com 2011-04-13 13:26 EDT-------
Can you post the command to apply the patch?

I got errors when trying to apply it:
[root@eagle3 v7]# pwd
/usr/share/v7/lib/v7
[root@eagle3 v7]# patch -p2 < hardwaretest.patch
can't find file to patch at input line 5
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: hardwaretest.py
|===================================================================
|--- hardwaretest.py    (revision 474)
|+++ hardwaretest.py    (working copy)
--------------------------
File to patch: hardwaretest.py
patching file hardwaretest.py
Hunk #1 FAILED at 43.
Hunk #2 FAILED at 190.
Hunk #3 FAILED at 416.
Hunk #4 FAILED at 429.
Hunk #5 FAILED at 1040.
5 out of 5 hunks FAILED -- saving rejects to file hardwaretest.py.rej

[root@eagle3 v7]# cat hardwaretest.py.rej
--- /dev/null
+++ /dev/null
@@ -43,7 +43,7 @@
from v7.command import Command, V7CommandException
from v7.resultsengine import ResultsEngine
from v7.redhatrelease import RedHatRelease
-
+from v7.daemon import V7Daemon

class HardwareTestHarness(Controller):

@@ -190,10 +190,8 @@
command = self.options.command
if command == "print":
self.doPrint(format="html")
-        elif (command == 'run'):
+        elif (command == 'run' or command == 'server'):
result = self.addTask()
-        elif command == "status":
-            self.doWebStatus()
else:
print "Error: unknown/unsupported command %s" % command
return False
@@ -416,7 +414,8 @@
subcommand = "start"

if subcommand == "daemon":
-            return self.doDaemon()
+            daemon = V7Daemon(self.environment)
+            return daemon.run()

planner = Planner(self.options, virtualization=None)
@@ -429,53 +428,33 @@
if rv != 0:
result = rv
return result
-
-    def doDaemon(self):
-        while True:
-            if self.Debugging != Constants.off:
-                print "checking for tasks"
-            try:
-                taskFile = open(self.environment.getTaskFilePath())
-                for line in taskFile.readlines():
-                    if not line:
-                        break
-                    try:
-                        print "\"" + line.strip() + "\""
-                        if line.strip() == "shutdown":
-                            print "v7 daemon shutdown"
-                            # delete the lines from the file
-                            open(self.environment.getTaskFilePath(), "w").close()
-                            return 0
-                        # otherwise
-                        # only run v7 - nothing else
-                        if line.split()[0] == "v7" and ";" not in line:
-                            print "Running: " + line
-                            task = Command(line)
-                            task.echo()
-                        else:
-                            print "unsupported command: " + line
-                    except V7CommandException, e:
-                        print "Error: " + e.message
-                taskFile.close()
-                # delete the lines from the file
-                open(self.environment.getTaskFilePath(), "w").close()
-                time.sleep(10)
-            except IOError, e:
-                print e/v7/results.xml
-                return False

def addTask(self):
print "<pre>"
-        command = "v7 " + self.webOptions["command"] + " "
+        command = "v7 " + self.webOptions["command"] + " " + self.webOptions["subcommand"] + " "
for option in self.webOptions.keys():
-            if option != "command" and self.webOptions[option]:
+            if "command" not in option and self.webOptions[option]:
command += "--" + option + " " + self.webOptions[option] + " "
command += "\n"
print "Adding Task: " + command
sys.stdout.flush()
-        taskFile = open(self.environment.getTaskFilePath(), "a")
-        taskFile.write(command)
-        taskFile.close()
+        taskInFile = os.open(self.environment.getTaskFilePath() + ".in", os.O_WRONLY)
+        print "opened task file"
+        sys.stdout.flush()
+        os.write(taskInFile, command)
+        os.write(taskInFile, "\n")
+        os.close(taskInFile)
+        print "Reading Results"
+        taskOutFile = open(self.environment.getTaskFilePath()+".out", "r")
+        while True:
+            line = taskOutFile.readline()
+            if line:
+                print line
+            else:
+                break
+        taskOutFile.close()
+        print "done"
+        sys.stdout.flush()
print "</pre>"

def doWebStatus(self):
@@ -1040,8 +1019,8 @@
print "Warning: unknown device: %s " % key
# create one from scratch
device = HalDevice(dict())
-                if self.options.udi:
-                    device.setUDI(self.options.udi)
+                if self.options.udi and len(self.options.udi) > 0:
+                    device.setUDI(self.options.udi[0])

test.setDevice(device)
if self.options.device:
[root@eagle3 v7]#
Comment 14 Greg Nichols 2011-04-15 10:01:57 EDT
Created attachment 492385 [details]
network test patch adding warning about selinux on server start
Comment 16 IBM Bug Proxy 2011-04-16 00:11:28 EDT
------- Comment From lxie@us.ibm.com 2011-04-16 00:05 EDT-------
(In reply to comment #17)
> Created an attachment (id=60829) [details]
> daemon mode test implementation
>
>
> ------- Comment on attachment From gnichols@redhat.com 2010-04-07 21:02:11
> EDT-------
>
>
> This patch is an implementation that explores use of cgi communication with a
> separate server deamon process used to carry out commands.

RedHat,

Dose this patch have a fix for this bug? are you expecting IBM to test it? which build should this patch be applied to v7-1.1-19 or later build?
Comment 17 IBM Bug Proxy 2011-04-20 16:31:39 EDT
------- Comment From lxie@us.ibm.com 2011-04-20 16:29 EDT-------
(In reply to comment #20)
> (In reply to comment #17)
> > Created an attachment (id=60829) [details] [details]
> > daemon mode test implementation
> >
> >
> > ------- Comment on attachment From gnichols@redhat.com 2010-04-07 21:02:11
> > EDT-------
> >
> >
> > This patch is an implementation that explores use of cgi communication with a
> > separate server deamon process used to carry out commands.
>
> RedHat,
>
> Dose this patch have a fix for this bug? are you expecting IBM to test it?
> which build should this patch be applied to v7-1.1-19 or later build?

oops,  the severity was accidentally changed to low, needs to be block
Comment 18 Greg Nichols 2011-04-27 11:41:29 EDT
*** Bug 624493 has been marked as a duplicate of this bug. ***
Comment 19 IBM Bug Proxy 2011-04-29 17:20:44 EDT
------- Comment From hienn@us.ibm.com 2011-04-29 17:18 EDT-------
v7-1.3-35 : passed the network tests on a Power7 blade with a 2-port HEA card.

Will try on a Power7 standalone system.
Comment 20 IBM Bug Proxy 2011-05-11 14:11:10 EDT
------- Comment From lxie@us.ibm.com 2011-05-11 14:09 EDT-------
(In reply to comment #23)
> v7-1.3-35 : passed the network tests on a Power7 blade with a 2-port HEA card.
>
> Will try on a Power7 standalone system.

Hien,

When you get a chance, please test the latest HTS (-43) build on a server, if it works, you might close this bug.

Thanks,

Linda
Comment 21 IBM Bug Proxy 2011-05-18 08:22:17 EDT
------- Comment From sglass@us.ibm.com 2011-05-18 08:11 EDT-------
This is now working for IBM
Comment 22 Devang Parikh 2011-08-02 08:40:36 EDT
customer has escalated the delay to senior management, we need to accelerate the cert, to the customer
Comment 23 Rob Landry 2011-08-02 10:46:32 EDT
(In reply to comment #22)
> customer has escalated the delay to senior management, we need to accelerate
> the cert, to the customer

This bug does not block certifications.