Bug 1013653 - [oo-su] ArgumentError when using -d
[oo-su] ArgumentError when using -d
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Michal Fojtik
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-30 10:17 EDT by Kenny Woodson
Modified: 2015-05-14 19:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-17 09:33:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kenny Woodson 2013-09-30 10:17:06 EDT
Description of problem:

When calling oo-su -d $UUID -c /bin/true I am seeing an ArgumentError.


Exception `ArgumentError' at /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-node-1.14.7/lib/openshift-origin-node/utils/selinux.rb:81 - can't find user for 1250

command: /sbin/runuser -m -s /bin/sh 520c70dadbd93c9d510000f2 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c1,c228' /bin/true"

The exit status is 0 meaning that it was correctly executed.



Version-Release number of selected component (if applicable):
openshift-origin-node-util-1.14.3-1.el6oso.noarch
openshift-origin-msg-node-mcollective-1.14.4-1.el6oso.noarch
rubygem-openshift-origin-node-1.14.7-1.el6oso.noarch


How reproducible:
Every time.

Steps to Reproduce:
1. oo-su -d $UUID -c /bin/true
2. Look at the ArgumentError
3.

Actual results:
ArgumentError is returned.

Expected results:
This should not throw any exceptions.

Additional info:

Line 81 inside of selinux.rb does the following:

            uid = Etc.getpwnam(name.to_s).uid

Executing this in IRB does the following:

>> Etc.getpwnam("520c70dadbd93c9d510000f2").uid
=> 1250

This appears to work.  Notice the message in the ArgumentError.  'can't find user for 1250'

A quick print statement before line 81 returns the UID for the user and _not_ the name which it is expecting:

NAME: => 1250


This could mean two things.  The function call was expecting the username and received the UID for the user _OR_ the call for getpwnam needs to be replaced with Etc.getpwuid(uid).  

The only issue with getpwuid is that we are fetching the uid when we already have it.
Comment 1 openshift-github-bot 2013-09-30 17:52:10 EDT
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/ca244c2676a9bbcce8dd136da38579503ba49c53
Bug 1013653 - Remove '.to_i' in oo-su command to avoid wrong user id
Comment 2 Peter Ruan 2013-10-02 15:33:21 EDT
still able to reproduce with devenv_3851

 [root@ip-10-185-15-146 ~]# oo-su -d 524c6e7be772ff45f1000004 -c /bin/true
Exception `ArgumentError' at /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-node-1.15.6/lib/openshift-origin-node/utils/selinux.rb:81 - can't find user for 1000
command: /sbin/runuser -m -s /bin/sh 524c6e7be772ff45f1000004 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c0,c1000' /bin/true"
Comment 3 Michal Fojtik 2013-10-03 10:21:34 EDT
Ahh you are right, I misread the bug... The solution is to remove duplicated 'getpwnam' from oo-su command, but instead pass the 'uuid' that we already have.

In this case no error is printed out and the command should work as expected.

Pull request (merging now): https://github.com/openshift/origin-server/pull/3766
Comment 4 openshift-github-bot 2013-10-03 13:24:59 EDT
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/d96c47912c3dd793f88d993f8a8aeeb5d8edb5dc
Bug 1013653 - Fix oo-su command so it is not duplicating the getpwnam call
Comment 5 Peter Ruan 2013-10-04 15:09:53 EDT
verified with devenv_3864
[root@ip-10-166-59-222 ~]# oo-su -d 524f120381224b5006000007 -c /bin/true
command: /sbin/runuser -m -s /bin/sh 524f120381224b5006000007 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c0,c1000' /bin/true"

Note You need to log in before you can comment on or make changes to this bug.