Description of problem:
After appending SANLOCKOPTS="-w 0" to /etc/sysconfig/sanlock and starting the sanlock service, sanlock stops due to a segfault error and some SELinux AVC denied errors.
Version-Release number of selected component (if applicable):
# rpm -q sanlock kernel selinux-policy libvirt
sanlock-2.3-1.el6.x86_64
kernel-2.6.32-278.el6.x86_64
selinux-policy-3.7.19-154.el6.noarch
libvirt-0.9.10-21.el6.x86_64
How reproducible:
always
Steps to Reproduce:
1. Append SANLOCKOPTS="-w 0" to /etc/sysconfig/sanlock
2. Open a new terminal, then run tailf /var/log/messages
3. service sanlock start
4. service sanlock status
5. grep avc /var/log/audit/audit.log | grep sanlock
Actual results:
# service sanlock status
sanlock is stopped
# service sanlock start
Starting sanlock: [ OK ]
# service sanlock status
sanlock is stopped
Expected results:
Can successfully start the sanlock service without a segfault error.
Additional info:
# tailf /var/log/messages
<snip>
Jun 14 11:05:13 intel-8400-8-1 kernel: sanlock[29558]: segfault at 8 ip 00007fee0c8dc5a1 sp 00007fff1daa0ad8 error 4 in libc-2.12.so[7fee0c85c000+189000]
Jun 14 11:05:13 intel-8400-8-1 abrtd: Directory 'ccpp-2012-06-14-11:05:13-29558' creation detected
Jun 14 11:05:13 intel-8400-8-1 abrt[29560]: Saved core dump of pid 29558 (/usr/sbin/sanlock) to /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558 (16183296 bytes)
Jun 14 11:05:13 intel-8400-8-1 abrtd: Package 'sanlock' isn't signed with proper key
Jun 14 11:05:13 intel-8400-8-1 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2012-06-14-11:05:13-29558' exited with 1
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting
</snip>
Unfortunately, the core dump file was also deleted due to some errors.
# cat /etc/sysconfig/sanlock
SANLOCKOPTS="-w 0"
# service wdmd status
wdmd is stopped
# getsebool -a | grep sanlock
sanlock_use_nfs --> off
sanlock_use_samba --> off
virt_use_sanlock --> on
# grep avc /var/log/audit/audit.log | grep sanlock
<snip>
type=AVC msg=audit(1339315900.009:41782): avc: denied { signal } for pid=22908 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1339315900.009:41783): avc: denied { setgid } for pid=22909 comm="sanlock" capability=6 scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1339316617.086:41791): avc: denied { search } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1339316617.086:41791): avc: denied { read } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
</snip>
Will also file a selinux-policy bug to trace this issue.
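Added example (not part of the original report and not sanlock or Red Hat code): with the core dump deleted, the kernel segfault line and the AVC records are the remaining triage data. This Python code decodes the x86 page-fault error code and the faulting offset inside libc, and reduces AVC denials to (source type, target type, class, permission) tuples; the helper names `decode_segfault` and `avc_tuples` are hypothetical, and the sample lines are copied from the report above.

```python
import re

# Sample lines copied from the report above (two of the four AVC records).
SEGV = ("Jun 14 11:05:13 intel-8400-8-1 kernel: sanlock[29558]: segfault at 8 "
        "ip 00007fee0c8dc5a1 sp 00007fff1daa0ad8 error 4 in "
        "libc-2.12.so[7fee0c85c000+189000]")
AVC = [
    'type=AVC msg=audit(1339315900.009:41783): avc: denied { setgid } for pid=22909 comm="sanlock" capability=6 scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability',
    'type=AVC msg=audit(1339316617.086:41791): avc: denied { read } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file',
]

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+).*?"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+).*?tclass=(?P<cls>\w+)")

def decode_segfault(line):
    """Decode a kernel 'segfault at' line; all numeric fields are hex."""
    m = SEGV_RE.search(line)
    if not m:
        return None
    addr, ip, err, base, size = (
        int(m[k], 16) for k in ("addr", "ip", "err", "base", "size"))
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
        # Offset of the faulting instruction inside the mapped object.
        "offset": hex(ip - base) if base <= ip < base + size else None,
        # x86 page-fault error code: bit0 present, bit1 write, bit2 user.
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "write" if err & 2 else "read",
        "mode": "user" if err & 4 else "kernel",
        # A fault address in the first page usually means a NULL base pointer.
        "near_null": addr < 4096,
    }

def avc_tuples(lines):
    """Unique (source type, target type, class, permission) denials."""
    out = set()
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            out.update((m["src"], m["tgt"], m["cls"], p)
                       for p in m["perms"].split())
    return sorted(out)
```

For the segfault line in this report the result is a user-mode read of an unmapped address 8 at offset 0x805a1 inside libc-2.12.so, which is consistent with a field access through a NULL pointer.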
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2013-0530.html