Bug 883124

Summary: ovirt-guest-agent will not run with pam_namespace polyinstantiated directories
Product: Red Hat Enterprise Virtualization Manager Reporter: Luke Meyer <lmeyer>
Component: ovirt-guest-agentAssignee: Vinzenz Feenstra [evilissimo] <vfeenstr>
Status: CLOSED ERRATA QA Contact: Luke Meyer <lmeyer>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: bazulay, dyasny, iheim, mkenneth, sgrinber, sreichar
Target Milestone: ---   
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: virt
Fixed In Version: sf10 Doc Type: Bug Fix
Doc Text:
Cause: The ovirtagent user had their home on root (/) which was not writable for the user, so the login of the ovirtagent failed. Consequence: The ovirt-guest-agent service wasn't able to run. Fix: The ovirtagent user now get's a home directory in /usr/share/ovirt-guest-agent Result: The now successfully starts when polyinstanticated directories via pam_namespace are configured.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-10 20:12:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 922807    

Description Luke Meyer 2012-12-03 20:19:13 UTC 
Description of problem:
Per bug 872613 - having a home directory of / causes problems under pam_namespace polyinstantiation, which causes the agent to fail with very little sign of what's going wrong.

Version-Release number of selected component (if applicable):
rhevm-guest-agent-1.0.5-3.el6ev.x86_64

Steps to Reproduce:
1. Install agent on guest VM
2. Install pam_openshift from the OpenShift Infrastructure channel or otherwise enable polyinstantiation with pam_namespace
3. Add to /etc/pam.d/runuser "session required pam_namespace.so no_unmount_on_close"
4. Try to (re)start the agent  

Actual results:
Starting ovirt-guest-agent: could not open session
                                                           [FAILED]

Expected results:
Normal startup

Additional info:
A simple fix for this is to give ovirtagent a home directory other than "/" - I changed it to /usr/share/ovirt-guest-agent in /etc/passwd and it started fine again.
Comment 1 Luke Meyer 2012-12-03 20:36:36 UTC 
*** Bug 872613 has been marked as a duplicate of this bug. ***
Comment 8 Vinzenz Feenstra [evilissimo] 2013-03-11 08:20:30 UTC 
Merged upstream as: 517cf4082f027e2496128e8bfe4fdf2149fa33a0

http://gerrit.ovirt.org/gitweb?p=ovirt-guest-agent.git;a=commit;h=517cf4082f027e2496128e8bfe4fdf2149fa33a0
Comment 10 Cheryn Tan 2013-04-09 04:17:18 UTC 
This bug is currently attached to errata RHEA-2013:14354. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.

* Consequence: What happens when the bug presents.

* Fix: What was done to fix the bug.

* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes

Thanks in advance.
Comment 11 errata-xmlrpc 2013-06-10 20:12:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-0914.html