This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 672612

Summary: Augeas plugin fails due to use of noexec on Linux /tmp FS (need to add a note in DOCs)
Product: [Other] RHQ Project Reporter: Rafael Soares (Tuelho) <rsoares>
Component: PluginsAssignee: RHQ Project Maintainer <rhq-maint>
Status: NEW --- QA Contact: Mike Foley <mfoley>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.0.0CC: hrupp, mjc
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 808505 (view as bug list) Environment:
RHEL 5.5 x86_64 Sun JDK 1.6 JON 2.4
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 808505    

Description Rafael Soares (Tuelho) 2011-01-25 12:59:06 EST
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Rafael Soares (Tuelho) 2011-01-25 13:28:29 EST
Description of problem:
When you enable the configuration support for Apache Httpd plugin (that uses Augeas) as described at [1] if the /tmp FS is configured as nonexec (on Linux fstab) the agent throws the following error:

Agent's log in debug mode snippet:
2011-01-25 16:17:00,296 DEBUG [WorkerThread#0[]] (rhq.core.pc.inventory.ResourceContainer$ResourceComponentInvocationHandler)- Call to [org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.loadResourceConfiguration()] with args [] failed.
java.util.concurrent.ExecutionException: java.lang.Exception: java.lang.NoClassDefFoundError: Could not initialize class net.augeas.jna.Aug
	at java.util.concurrent.FutureTask$Sync.innerGet(
	at java.util.concurrent.FutureTask.get(
	at org.rhq.core.pc.inventory.ResourceContainer$ResourceComponentInvocationHandler.invokeInNewThreadWithLock(
	at org.rhq.core.pc.inventory.ResourceContainer$ResourceComponentInvocationHandler.invoke(
	at $Proxy58.loadResourceConfiguration(Unknown Source)
	at org.rhq.core.pc.configuration.LegacyConfigManagement.loadConfigFromFacet(
	at org.rhq.core.pc.configuration.LegacyConfigManagement.executeLoad(
	at org.rhq.core.pc.configuration.ConfigurationManager.loadResourceConfiguration(
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(
	at java.lang.reflect.Method.invoke(
	at org.rhq.enterprise.communications.command.impl.remotepojo.server.RemotePojoInvocationCommandService.execute(
	at sun.reflect.GeneratedMethodAccessor299.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(
	at java.lang.reflect.Method.invoke(
	at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(
	at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(
	at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(
	at com.sun.jmx.mbeanserver.PerInterface.invoke(
	at com.sun.jmx.mbeanserver.MBeanSupport.invoke(
	at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(
	at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(
	at $Proxy0.execute(Unknown Source)
	at org.rhq.enterprise.communications.command.server.CommandProcessor.handleIncomingInvocationRequest(
	at org.rhq.enterprise.communications.command.server.CommandProcessor.invoke(
	at org.jboss.remoting.ServerInvoker.invoke(
	at org.jboss.remoting.transport.socket.ServerThread.processInvocation(
	at org.jboss.remoting.transport.socket.ServerThread.dorun(
Caused by: java.lang.Exception: java.lang.NoClassDefFoundError: Could not initialize class net.augeas.jna.Aug
	at org.rhq.core.pc.inventory.ResourceContainer$
	at java.util.concurrent.FutureTask$Sync.innerRun(
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
	at java.util.concurrent.ThreadPoolExecutor$
Caused by: java.lang.NoClassDefFoundError: Could not initialize class net.augeas.jna.Aug
	at net.augeas.Augeas.<init>(Unknown Source)
	at net.augeas.Augeas.<init>(Unknown Source)
	at org.rhq.plugins.apache.ApacheServerComponent.isAugeasEnabled(
	at org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.loadResourceConfiguration(
	at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(
	at java.lang.reflect.Method.invoke(
	at org.rhq.core.pc.inventory.ResourceContainer$
	... 5 more


Version-Release number of selected component (if applicable):
JON 2.4

How reproducible:

Steps to Reproduce:
1. Configure the /tmp as nonexec flag on /etc/fstab
   #snippet of a mount command                 #noexec flag
   /dev/mapper/RH-LV_TMP on /tmp type ext3 (rw,noexec,nosuid,nodev,noatime)

2. Enable the configuration support (Apache Httpd Resource > Inventory > Connection tab)
3. Try to access the Apache Httpd resource Configuration tab
4. See the rhq-agent logs

Actual results:

Expected results:
   I think is import to hilight the issue when using noexec flag on /tmp Linux FS. Today there is no NOTES about this in [1]

Additional info:
Comment 2 Heiko W. Rupp 2012-05-24 02:44:53 EDT
I do not think that having users disable the noexec flag is a viable solution in general. 

From mount(8):

 noexec Do not allow direct execution of any binaries on the mounted filesystem. 

So this is a security feature; and disabling it may weaken system security.
Comment 3 David Jorm 2012-05-24 22:52:38 EDT
The noexec flag is a defence-in-depth measure - disabling it does not expose any particular security hole, it just removes a particular line of defence. That line of defence has been historically flawed. Up until recent kernels, an attacker could circumvent noexec by running /lib/ <binary> instead of running the binary directly. Even in the most recent kernels, an attacker can still run system-provided interpreters on scripts that can't be run directly. These interpreters (perl, python, etc.) are not privileged and don't allow the user to directly execute code, but they still provide some scope for circumventing noexec.

That said, requiring the user to disable noexec is still a bad idea. It is not a high-risk flaw, but if we can patch the plugin to function correctly when /tmp is mounted as noexec, this would be preferable.