Bug 725137

Summary: Fails to start due to /var/empty/sshd
Product: [Fedora] Fedora
Reporter: Pete Zaitcev <zaitcev>
Component: rpm
Assignee: Panu Matilainen <pmatilai>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: ffesti, herrold, jchadima, jnovy, kwizart, mads, mattias.ellert, mcepl, mcepl, mgrepl, michal, pebolle, pmatilai, schwab, tmraz
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Last Closed: 2011-08-15 08:46:43 UTC

Description Pete Zaitcev 2011-07-23 03:45:47 UTC
Description of problem:

Says something about "directory required for privilege separation"
and fails to start.

Version-Release number of selected component (if applicable):

openssh-server-5.8p2-15.fc16.1.x86_64

How reproducible:

100%

Steps to Reproduce:
1. yum update
2. reboot
  
Actual results:

Fails to start

Expected results:

Starts and works

Additional info:

Workaround: mkdir /var/empty/sshd

[root@niphredil zaitcev]# rpm -qf /var/empty/sshd
file /var/empty/sshd is not owned by any package

Suggesting to make sure /var/empty/sshd is created at install time
and add it to spec file.

Comment 1 Michal Jaegermann 2011-07-24 18:25:20 UTC
(In reply to comment #0)
> 
> Suggesting to make sure /var/empty/sshd is created at install time
> and add it to spec file.

Something "funny" is going on here.  After
'rpm -qlv openssh-server-5.8p2-15.fc16.1 | grep empty' the following shows up:

drwx--x--x    2 root    root                  0 Jul 21 07:13 /var/empty/sshd/

(yes, with a trailing slash, while this character is missing there for a working openssh-server-5.8p2-14.fc16.1). OTOH, even after restoring /var/empty/sshd/,
both 'rpm -qf /var/empty/sshd/' and 'rpm -qf /var/empty/sshd' reply with "file /var/empty/sshd is not owned by any package".

The information in /var/log/messages is spectacularly unhelpful.  One sees:

systemd[1]: Unit sshd.service entered failed state.
sshd.service: main process exited, code=exited, status=255

and that is it.  Luckily, with access to a console, one may try to start sshd "by hand" and that prints 'Missing privilege separation directory: /var/empty/sshd'.

Comment 2 Pete Zaitcev 2011-07-24 18:40:14 UTC
There are additional messages in /var/log/secure, but I only found
out about them after I figured it out.

Comment 3 Tomas Mraz 2011-07-25 11:09:09 UTC
This was all caused by a broken rpm in the buildroot when 5.8p2-15.fc16.1 was built. It caused a / to be added at the end of /var/empty/sshd in the filelist.

Unfortunately for the poor ones who installed openssh-server-5.8p2-15.fc16.1, a simple update to openssh-server-5.8p2-16.fc16.1 will not help: when the old package contains
/var/empty/sshd/ in the filelist
and the new package
/var/empty/sshd in the filelist
rpm happily removes the /var/empty/sshd dir as part of the cleanup of the old package.

The next update or a forced update with 5.8p2-16.fc16.1 will finally create the dir and leave it as is. Or you can of course create it manually
with 'mkdir -m 711 /var/empty/sshd'.

I'd say though that rpm should recognize /var/empty/sshd and /var/empty/sshd/ as the same and not clean it up on upgrade. So reopening and reassigning to rpm.
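
The check and workaround discussed in this thread, as an added example that is not part of the original bug report, OpenSSH or the Fedora package: it audits whether the privilege separation directory exists, is a directory, is owned by root and is not group- or world-writable, and recreates it with the mode from comment 3 only when it is missing. The function names and the optional expected-owner argument are assumptions of this sketch, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the bug report): audit sshd's privilege separation
# directory. Return codes: 0 ok, 1 missing, 2 not a directory,
# 3 wrong owner, 4 group- or world-writable.
# The second argument (expected owner uid, default 0 = root) is an assumption
# of this sketch so the check can be exercised without root.
check_privsep_dir() {
    psd_dir=${1:-/var/empty/sshd}
    psd_uid=${2:-0}
    if [ ! -e "$psd_dir" ]; then
        echo "MISSING: $psd_dir"
        return 1
    fi
    if [ ! -d "$psd_dir" ]; then
        echo "NOT A DIRECTORY: $psd_dir"
        return 2
    fi
    # GNU stat: %u = owner uid, %a = permission bits in octal
    psd_owner=$(stat -c '%u' "$psd_dir")
    psd_mode=$(stat -c '%a' "$psd_dir")
    if [ "$psd_owner" != "$psd_uid" ]; then
        echo "BAD OWNER: $psd_dir is owned by uid $psd_owner, expected $psd_uid"
        return 3
    fi
    # 022 masks the group-write and other-write bits
    if [ $(( 0$psd_mode & 022 )) -ne 0 ]; then
        echo "WRITABLE: $psd_dir has mode $psd_mode"
        return 4
    fi
    echo "OK: $psd_dir (mode $psd_mode, uid $psd_owner)"
    return 0
}

# Recreate the directory only when it is missing, with the mode given in
# comment 3 (711), then re-run the audit. Existing paths are never modified.
ensure_privsep_dir() {
    psd_dir=${1:-/var/empty/sshd}
    if [ ! -e "$psd_dir" ]; then
        mkdir -m 711 "$psd_dir" || return 1
    fi
    check_privsep_dir "$psd_dir" "${2:-0}"
}

# Run the read-only audit against the default path when asked to.
if [ "${1:-}" = "--check" ]; then
    check_privsep_dir
fi
```

Running the audit after each openssh-server update, before the next reboot, catches the removed directory while a working session is still available.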

Comment 4 Tomas Mraz 2011-07-25 14:40:38 UTC
*** Bug 725430 has been marked as a duplicate of this bug. ***

Comment 5 Panu Matilainen 2011-08-15 08:46:43 UTC

*** This bug has been marked as a duplicate of bug 728707 ***

Comment 6 Tomas Mraz 2011-09-26 09:59:32 UTC
*** Bug 740896 has been marked as a duplicate of this bug. ***