Bug 742883

Summary: [abrt] iotop-0.4.3-1.fc16: netlink.py:229:recv:OSError: Netlink error: Operation not permitted (1)
Product: [Fedora] Fedora Reporter: Lukas Bezdicka <social>
Component: iotopAssignee: Adel Gadllah <adel.gadllah>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: adel.gadllah, alekcejk, kaloyan_petrov, mhlavink, misek, sanne
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:e4db8fed9e7402103e0cda5e5d151a8c9ccb0dc4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-14 11:21:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Bezdicka 2011-10-03 08:59:34 UTC 
libreport version: 2.0.5.982
abrt_version:   2.0.4.981
cmdline:        /usr/bin/python /usr/bin/iotop
comment:        iotop as normal user.
event_log:      2011-10-03-10:41:19> Smolt profile successfully saved
executable:     /usr/bin/iotop
kernel:         3.1.0-0.rc8.git0.0.fc16.x86_64
reason:         netlink.py:229:recv:OSError: Netlink error: Operation not permitted (1)
time:           Mon Oct  3 10:40:33 2011
uid:            501
username:       social

backtrace:
:netlink.py:229:recv:OSError: Netlink error: Operation not permitted (1)
:
:Traceback (most recent call last):
:  File "/usr/bin/iotop", line 16, in <module>
:    main()
:  File "/usr/lib/python2.7/site-packages/iotop/ui.py", line 563, in main
:    main_loop()
:  File "/usr/lib/python2.7/site-packages/iotop/ui.py", line 553, in <lambda>
:    main_loop = lambda: run_iotop(options)
:  File "/usr/lib/python2.7/site-packages/iotop/ui.py", line 465, in run_iotop
:    return curses.wrapper(run_iotop_window, options)
:  File "/usr/lib64/python2.7/curses/wrapper.py", line 43, in wrapper
:    return func(stdscr, *args, **kwds)
:  File "/usr/lib/python2.7/site-packages/iotop/ui.py", line 457, in run_iotop_window
:    process_list = ProcessList(taskstats_connection, options)
:  File "/usr/lib/python2.7/site-packages/iotop/data.py", line 373, in __init__
:    self.update_process_counts()
:  File "/usr/lib/python2.7/site-packages/iotop/data.py", line 429, in update_process_counts
:    stats = self.taskstats_connection.get_single_task_stats(thread)
:  File "/usr/lib/python2.7/site-packages/iotop/data.py", line 158, in get_single_task_stats
:    reply = GeNlMessage.recv(self.connection)
:  File "/usr/lib/python2.7/site-packages/iotop/genetlink.py", line 50, in recv
:    msg = conn.recv()
:  File "/usr/lib/python2.7/site-packages/iotop/netlink.py", line 229, in recv
:    raise err
:OSError: Netlink error: Operation not permitted (1)
:
:Local variables in innermost frame:
:err: OSError('Netlink error: Operation not permitted (1)',)
:seq: 2
:contents: '0\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00q\xef\xff\xff\xff\xff\xff\xff\x1c\x00\x00\x00\x17\x00\x01\x00\x02\x00\x00\x00q\xef\xff\xff\x01\x00\x00\x00\x08\x00\x01\x00\x01\x00\x00\x00'
:errno: 1
:self: <iotop.netlink.Connection instance at 0x7f3907e452d8>
:pid: 4294963057
:nlgrps: 0
:flags: 0
:msglen: 48
:nlpid: 0
:msg: <netlink.Message type=2, pid=4294963057, seq=2, flags=0x0 "'\xff\xff\xff\xff\x1c\x00\x00\x00\x17\x00\x01\x00\x02\x00\x00\x00q\xef\xff\xff\x01\x00\x00\x00\x08\x00\x01\x00\x01\x00\x00\x00'">
:os: <module 'os' from '/usr/lib64/python2.7/os.pyc'>
:msg_type: 2

smolt_data:
:
:
:General
:=================================
:UUID: c69a2e65-3845-43b3-a823-10db488d21c2
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.utf8
:Platform: x86_64
:BogoMIPS: 3325.36
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Atom(TM) CPU N450   @ 1.66GHz
:CPU Stepping: 10
:CPU Family: 6
:CPU Model Num: 28
:Number of CPUs: 2
:CPU Speed: 1666
:System Memory: 1990
:System Swap: 1999
:Vendor: Hewlett-Packard
:System: HP Mini 5102 
:Form factor: Notebook
:Kernel: 3.1.0-0.rc8.git0.0.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Permissive
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:40977:4156:13907) pci, i915, VIDEO, N10 Family Integrated Graphics Controller
:(32902:40978:4156:13907) pci, None, VIDEO, N10 Family Integrated Graphics Controller
:(32902:10192:4156:13907) pci, pcieport, PCI/PCI, N10/ICH 7 Family PCI Express Port 1
:(32902:10172:4156:13907) pci, None, PCI/ISA, NM10 Family LPC Controller
:(5348:17173:4156:5384) pci, wl, NETWORK, BCM4312 802.11b/g LP-PHY
:(32902:10200:4156:13907) pci, snd_hda_intel, MULTIMEDIA, N10/ICH 7 Family High Definition Audio Controller
:(32902:10177:4156:13907) pci, ahci, STORAGE, N10/ICH7 Family SATA AHCI Controller
:(32902:10196:4156:13907) pci, pcieport, PCI/PCI, N10/ICH 7 Family PCI Express Port 3
:(32902:9288:0:0) pci, None, PCI/PCI, 82801 Mobile PCI Bridge
:(4523:17281:4156:13907) pci, sky2, ETHERNET, Yukon Optima 88E8059 [PCIe Gigabit Ethernet Controller with AVB]
:(32902:10198:4156:13907) pci, pcieport, PCI/PCI, N10/ICH 7 Family PCI Express Port 4
:(32902:10185:4156:13907) pci, uhci_hcd, USB, N10/ICH 7 Family USB UHCI Controller #2
:(32902:10184:4156:13907) pci, uhci_hcd, USB, N10/ICH 7 Family USB UHCI Controller #1
:(32902:40976:4156:13907) pci, agpgart-intel, HOST/PCI, N10 Family DMI Bridge
:(32902:10186:4156:13907) pci, uhci_hcd, USB, N10/ICH 7 Family USB UHCI Controller #3
:(32902:10187:4156:13907) pci, uhci_hcd, USB, N10/ICH 7 Family USB UHCI Controller #4
:(32902:10188:4156:13907) pci, ehci_hcd, USB, N10/ICH 7 Family USB2 EHCI Controller
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda2 / btrfs 4096 4096 17664000 14397916 13472650 0 0 0
:/dev/sda1 /boot ext4 4096 4096 251974 230012 217212 64000 63955 63955
:/dev/mapper/luks-a8817b52-8711-4e8c-a648-9b88a282b5d5 /home ext4 4096 4096 58772441 47347558 44362073 14934016 14864798 14864798
:
Comment 1 Lukas Bezdicka 2011-10-03 09:05:22 UTC 
Package: iotop-0.4.3-1.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)

Comment
-----
iotop as normal user.
Comment 2 Michal Hlavinka 2011-10-06 13:44:05 UTC 
*** Bug 742803 has been marked as a duplicate of this bug. ***
Comment 3 Dave Jones 2011-10-06 14:02:58 UTC 
This is an intentional change in the kernel.

commit 1a51410abe7d0ee4b1d112780f46df87d3621043
Author: Linus Torvalds <torvalds>
Date:   Mon Sep 19 17:04:37 2011 -0700

    Make TASKSTATS require root access
    
    Ok, this isn't optimal, since it means that 'iotop' needs admin
    capabilities, and we may have to work on this some more.  But at the
    same time it is very much not acceptable to let anybody just read
    anybody elses IO statistics quite at this level.
Comment 4 Michal Hlavinka 2011-10-06 14:02:58 UTC 
Some information about this bug:

iotop uses netlink to get information about io stats. Because of kernel bug fix CVE-2011-2494, this requires root privileges now. iotop does not expect this, that's why it's failing instead of reporting "you need root privileges for this".

You can get rid of this traceback simply by changing /usr/lib/python2.6/site-packages/iotop/data.py line 162 to ignore EPERM. Even with this change, iotop will run, but won't show anything. It won't allow you to see foreign processes nor your processes, because whole netlink communication is gone. 

Some stats are available in /proc/<pid>/io where user permissions are enough to read stats about user's own processes. So iotop needs bigger change to make it at least little usable for regular users again. I'll get to this later (my todo list is too long right now), so meanwhile patches are welcome if someone wants to work on this.
Comment 5 nucleo 2011-10-06 17:17:01 UTC 
Is it possible to use capabilities for iotop?
Comment 6 Adel Gadllah 2011-10-11 12:21:13 UTC 
(In reply to comment #3)
> This is an intentional change in the kernel.
> 
> commit 1a51410abe7d0ee4b1d112780f46df87d3621043
> Author: Linus Torvalds <torvalds>
> Date:   Mon Sep 19 17:04:37 2011 -0700
> 
>     Make TASKSTATS require root access
> 
>     Ok, this isn't optimal, since it means that 'iotop' needs admin
>     capabilities, and we may have to work on this some more.  But at the
>     same time it is very much not acceptable to let anybody just read
>     anybody elses IO statistics quite at this level.

So a patch from Linus "breaks" a userspace app? ;)

Anyway not sure what to do about this ... we could make iotop just bail out for non root users. Optimally the kernel would just limit access to tasks of the accessing user when != root.
Comment 7 Michal Hlavinka 2011-10-11 14:18:46 UTC 
*** Bug 745091 has been marked as a duplicate of this bug. ***
Comment 8 Vaclav "sHINOBI" Misek 2011-10-12 22:09:45 UTC 
Package: iotop-0.4.3-1.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)

Comment
-----
Start iotop as normal user. It works under root.
Comment 9 Sanne Bregman 2011-10-17 14:07:08 UTC 
Package: iotop-0.4.3-1.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)

Comment
-----
I started iotop as non-root user.
Comment 10 Hedayat Vatankhah 2011-11-04 10:15:55 UTC 
Package: iotop-0.4.3-1.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)

Comment
-----
Run iotop by a normal user...
Comment 11 Hedayat Vatankhah 2012-07-13 09:33:21 UTC 
Well, IMHO the bug is fixed. At least there are no crashes.