Bug 1712053 - tmux session not attached automatically during manual installation on s390x
Summary: tmux session not attached automatically during manual installation on s390x
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.7
Hardware: s390x
OS: Linux
high
high
Target Milestone: beta
: ---
Assignee: Jakub Jelen
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks: 1670353
TreeView+ depends on / blocked
 
Reported: 2019-05-20 16:43 UTC by Jan Stodola
Modified: 2019-08-06 12:58 UTC (History)
5 users (show)

Fixed In Version: openssh-7.4p1-20.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-06 12:57:51 UTC
Target Upstream Version:


Attachments (Terms of Use)
program.log (1.13 KB, text/plain)
2019-05-20 16:51 UTC, Jan Stodola
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2143 None None None 2019-08-06 12:58:04 UTC

Description Jan Stodola 2019-05-20 16:43:32 UTC
Description of problem:
tmux session is not attached automatically when the user connects to the installation environment via ssh (ssh install@machine) to continue with the installation on s390x:

[jstodola@localhost ~]$ ssh install@10.16.105.198
Warning: Permanently added '10.16.105.198' (ECDSA) to the list of known hosts.
-bash: /sbin/consoletype: No such file or directory
[anaconda root@rtt7 ~]#

You can see that tmux is running:

[anaconda root@rtt7 ~]# pstree
systemd-+-NetworkManager---2*[{NetworkManager}]
        |-agetty
        |-bash
        |-dbus-daemon---{dbus-daemon}
        |-lvmetad
        |-multipathd---5*[{multipathd}]
        |-polkitd---6*[{polkitd}]
        |-rngd
        |-rsyslogd---3*[{rsyslogd}]
        |-sshd---sshd---bash---pstree
        |-systemd-journal
        |-systemd-logind
        |-systemd-udevd
        `-tmux-+-anaconda---3*[{anaconda}]
               |-bash
               `-3*[tail]

and it's possible to attach to it manually:

[anaconda root@rtt7 ~]# grep install /etc/passwd
install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda
[anaconda root@rtt7 ~]# /usr/libexec/anaconda/run-anaconda



Version-Release number of selected component (if applicable):
RHEL-7.7-20190514.2
anaconda-21.48.22.154-1.el7


How reproducible:
always

Steps to Reproduce:
1. start manual installation on s390x
2. login via ssh to continue with the installation when asked (ssh install@machine)

Actual results:
tmux session is not attached to be able to continue with the installation (it's not possible to select text/VNC mode)

Expected results:
tmux session is attached automatically after login via ssh

Comment 4 Jan Stodola 2019-05-20 16:51:54 UTC
Created attachment 1571342 [details]
program.log

Comment 5 Jan Stodola 2019-05-20 17:42:34 UTC
Reproduced on installed system with openssh-7.4p1-19.el7 configured in a similar way like the installation environment:
(see https://github.com/weldr/lorax/blob/rhel7-branch/share/runtime-postinstall.tmpl#L78)

[root@rtt7 ~]# useradd -u 0 -g 0 --non-unique -s /bin/false install
[root@rtt7 ~]# passwd install
Changing password for user install.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@rtt7 ~]# grep install /etc/passwd
install:x:0:0::/home/install:/bin/false
[root@rtt7 ~]#

Login as the "install" user is successful, although it should not be allowed due to "/bin/false" login shell:

[jstodola@localhost ~]$ ssh install@10.16.105.198
Warning: Permanently added '10.16.105.198' (ECDSA) to the list of known hosts.
install@10.16.105.198's password: 
Last login: Mon May 20 13:31:31 2019 from 10.43.17.23
[root@rtt7 ~]#


The same steps on RHEL-7.6 with openssh-7.4p1-16.el7 work as expected, login is not successful:

[jstodola@localhost ~]$ ssh install@10.16.105.197
Warning: Permanently added '10.16.105.197' (ECDSA) to the list of known hosts.
install@10.16.105.197's password: 
Last login: Mon May 20 13:26:28 2019 from 10.43.17.23
Connection to 10.16.105.197 closed.
[jstodola@localhost ~]$

Switching the component to openssh.

Comment 6 Jakub Jelen 2019-05-21 08:39:26 UTC
It looks like the fix for #1674541 is wrong, I don't want to say on the first sight since I saw that patch few times before and it did not occur to me that it might be a problem. The pw structure that is updated needs to be copied, otherwise it will get updated by some other consecutive call to getpwnam or getpwuid().

Can you check that it works for you with the following scratch build:

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=21767044

This is indeed a big issue and I am glad we figured it out before the release.

Comment 7 Jan Stodola 2019-05-21 08:54:43 UTC
Unfortunately the scratch build from comment 6 doesn't fix the problem:

[jstodola@localhost ~]$ ssh install@10.16.105.197
Warning: Permanently added '10.16.105.197' (ECDSA) to the list of known hosts.
install@10.16.105.197's password: 
Last login: Tue May 21 04:49:32 2019 from 10.43.17.23
[root@rtt6 ~]# rpm -q openssh-server
openssh-server-7.4p1-19.1.el7.s390x
[root@rtt6 ~]# grep install /etc/passwd
install:x:0:0::/home/install:/bin/false
[root@rtt6 ~]#

Comment 10 Jakub Jelen 2019-05-21 14:04:24 UTC
I modified the patch bit more, making sure that it does not free the old pw that is owned by the authctx structure and that it is copied using the same means as it was created. This is a scratch build (at least for CI) that should no longer have this problem.

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=21767841

In context of bug #1674541 I think for that one to work, we would need to be able to invalidate also the supplementary group list cache in uidswap.c, but there is no sensible API at this moment to do that properly.

The other possibility is to revert the patch completely, since it was not possible to verify that it solves the underlying problem so far.

Anyway, I plan to fix this later today.

Comment 17 errata-xmlrpc 2019-08-06 12:57:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:2143


Note You need to log in before you can comment on or make changes to this bug.