Bug 1013653 - [oo-su] ArgumentError when using -d
Summary: [oo-su] ArgumentError when using -d
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Containers
Version: 2.x
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Michal Fojtik
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-30 14:17 UTC by Kenny Woodson
Modified: 2015-05-14 23:29 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-17 13:33:13 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Kenny Woodson 2013-09-30 14:17:06 UTC
Description of problem:

When calling oo-su -d $UUID -c /bin/true I am seeing an ArgumentError.


Exception `ArgumentError' at /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-node-1.14.7/lib/openshift-origin-node/utils/selinux.rb:81 - can't find user for 1250

command: /sbin/runuser -m -s /bin/sh 520c70dadbd93c9d510000f2 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c1,c228' /bin/true"

The exit status is 0 meaning that it was correctly executed.



Version-Release number of selected component (if applicable):
openshift-origin-node-util-1.14.3-1.el6oso.noarch
openshift-origin-msg-node-mcollective-1.14.4-1.el6oso.noarch
rubygem-openshift-origin-node-1.14.7-1.el6oso.noarch


How reproducible:
Every time.

Steps to Reproduce:
1. oo-su -d $UUID -c /bin/true
2. Look at the ArgumentError
3.

Actual results:
ArgumentError is returned.

Expected results:
This should not throw any exceptions.

Additional info:

Line 81 inside of selinux.rb does the following:

            uid = Etc.getpwnam(name.to_s).uid

Executing this in IRB does the following:

>> Etc.getpwnam("520c70dadbd93c9d510000f2").uid
=> 1250

This appears to work.  Notice the message in the ArgumentError.  'can't find user for 1250'

A quick print statement before line 81 returns the UID for the user and _not_ the name which it is expecting:

NAME: => 1250


This could mean two things.  The function call was expecting the username and received the UID for the user _OR_ the call for getpwnam needs to be replaced with Etc.getpwuid(uid).  

The only issue with getpwuid is that we are fetching the uid when we already have it.

Comment 1 openshift-github-bot 2013-09-30 21:52:10 UTC
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/ca244c2676a9bbcce8dd136da38579503ba49c53
Bug 1013653 - Remove '.to_i' in oo-su command to avoid wrong user id

Comment 2 Peter Ruan 2013-10-02 19:33:21 UTC
still able to reproduce with devenv_3851

 [root@ip-10-185-15-146 ~]# oo-su -d 524c6e7be772ff45f1000004 -c /bin/true
Exception `ArgumentError' at /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-node-1.15.6/lib/openshift-origin-node/utils/selinux.rb:81 - can't find user for 1000
command: /sbin/runuser -m -s /bin/sh 524c6e7be772ff45f1000004 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c0,c1000' /bin/true"

Comment 3 Michal Fojtik 2013-10-03 14:21:34 UTC
Ahh you are right, I misread the bug... The solution is to remove duplicated 'getpwnam' from oo-su command, but instead pass the 'uuid' that we already have.

In this case no error is printed out and the command should work as expected.

Pull request (merging now): https://github.com/openshift/origin-server/pull/3766

Comment 4 openshift-github-bot 2013-10-03 17:24:59 UTC
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/d96c47912c3dd793f88d993f8a8aeeb5d8edb5dc
Bug 1013653 - Fix oo-su command so it is not duplicating the getpwnam call

Comment 5 Peter Ruan 2013-10-04 19:09:53 UTC
verified with devenv_3864
[root@ip-10-166-59-222 ~]# oo-su -d 524f120381224b5006000007 -c /bin/true
command: /sbin/runuser -m -s /bin/sh 524f120381224b5006000007 -c "exec /usr/bin/runcon 'unconfined_u:system_r:openshift_t:s0:c0,c1000' /bin/true"


Note You need to log in before you can comment on or make changes to this bug.