Bug 213095 - Success code is being written in ricci queue member when operation fails
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: conga
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Stanko Kupcevic
QA Contact: Corey Marthaler
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2006-10-30 20:14 UTC by Len DiMaggio
Modified: 2009-04-16 22:35 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-30 20:42:13 UTC
Target Upstream Version:
Embargoed:


Attachments
ricci queue entry (1.20 KB, application/octet-stream)
2006-10-30 20:14 UTC, Len DiMaggio
Same as previous attachment, with mime set to text/plain (1.20 KB, text/plain)
2006-10-30 20:34 UTC, Stanko Kupcevic

Description Len DiMaggio 2006-10-30 20:14:16 UTC
Description of problem:

Success code is being written in ricci queue member when operation fails - the
situation is that the creation of a new cluster is failing due to the SELinux
policy denying cman from writing into the /etc/cluster dir. The entry written
into the ricci queue reported a status of 0 (success) for the set_cluster.conf
function.

Version-Release number of selected component (if applicable):
luci-0.8-21.el5,  ricci-0.8-21.el5 (RHEL5-Server-20061027.0)

How reproducible:
100% - if the SELinux policy prevents cman from writing to /etc/cluster

Steps to Reproduce:
1. Use the 2.4.1-4 policy
2. Create a new cluster
  
Actual results:
The cluster creation fails - as it should - see the first attachment for the
corresponding ricci queue entry

Expected results:
I would have expected the set_cluster.conf function to return a non-0 value.

Additional info:
See the attachment.

The cman (ccsd) process did pick up the cluster.conf for another cluster (these
machines are in the cluster/GFS test lab). This seems like a valid (if maybe an
edge case) configuration to have multiple clusters in the same subnet.

Comment 1 Len DiMaggio 2006-10-30 20:14:16 UTC
Created attachment 139763
ricci queue entry

Comment 2 Stanko Kupcevic 2006-10-30 20:34:42 UTC
Created attachment 139769
Same as previous attachment, with mime set to text/plain

Comment 3 Stanko Kupcevic 2006-10-30 20:42:13 UTC
set_cluster.conf has nothing to do with cman; it just writes the cluster.conf
passed to it to /etc/cluster/. Therefore, if it actually has written it to
/etc/cluster/, it should return a success value.

Feel free to reopen.

Comment 4 Len DiMaggio 2006-10-30 21:20:13 UTC
I'll look at this again - maybe what's happening is that ricci is writing the
cluster.conf file to /etc/cluster and some process (cman or ccsd?) is
overwriting it?

Comment 5 Len DiMaggio 2006-10-30 21:39:38 UTC
Not reopening this one yet, but something seems to be wrong here. Seeing this in
the audit log:

type=AVC msg=audit(1162225206.241:138): avc:  denied  { ptrace } for  pid=2077
comm="pidof" scontext=system_u:system_r:ricci_modcluster_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=process

type=SYSCALL msg=audit(1162225206.241:138): arch=40000003 syscall=85 success=yes
exit=12 a0=bff36fe8 a1=86eaa70 a2=1000 a3=86e8928 items=0 ppid=2076 pid=2077
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="pidof" exe="/sbin/killall5"
subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)

type=AVC msg=audit(1162225206.257:139): avc:  denied  { write } for  pid=2080
comm="cman_tool" name="ccsd.sock" dev=dm-0 ino=3388394
scontext=system_u:system_r:ricci_modcluster_t:s0
tcontext=system_u:object_r:ccs_var_run_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1162225206.257:139): arch=40000003 syscall=102
success=yes exit=0 a0=3 a1=bf8c2ad0 a2=805116c a3=3 items=0 ppid=2079 pid=2080
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="cman_tool" exe="/usr/sbin/cman_tool"
subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)
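
An added example, not part of the original bug report or of conga's own code: the Python below pairs the AVC and SYSCALL records quoted in Comment 5 by their shared audit event ID and lists each denial together with the syscall outcome recorded for it. The sample records are the ones from the comment, rejoined onto single lines; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Records from the audit log quoted in Comment 5, each rejoined onto one line
# (the bug page wraps them); nothing else is assumed about the host.
SAMPLE = """\
type=AVC msg=audit(1162225206.241:138): avc:  denied  { ptrace } for  pid=2077 comm="pidof" scontext=system_u:system_r:ricci_modcluster_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
type=SYSCALL msg=audit(1162225206.241:138): arch=40000003 syscall=85 success=yes exit=12 a0=bff36fe8 a1=86eaa70 a2=1000 a3=86e8928 items=0 ppid=2076 pid=2077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pidof" exe="/sbin/killall5" subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)
type=AVC msg=audit(1162225206.257:139): avc:  denied  { write } for  pid=2080 comm="cman_tool" name="ccsd.sock" dev=dm-0 ino=3388394 scontext=system_u:system_r:ricci_modcluster_t:s0 tcontext=system_u:object_r:ccs_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1162225206.257:139): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf8c2ad0 a2=805116c a3=3 items=0 ppid=2079 pid=2080 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cman_tool" exe="/usr/sbin/cman_tool" subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{ ([^}]*) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by (timestamp, serial); records sharing it are one event."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip blank or non-audit lines
        rtype, stamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        avc = AVC.search(body)
        if avc:  # keep the decision and the permission set from "{ ... }"
            fields["decision"], fields["perms"] = avc.group(1), avc.group(2).split()
        events[(stamp, int(serial))][rtype] = fields
    return events

def denials(text):
    """One summary dict per denied AVC, with the paired SYSCALL's success flag."""
    out = []
    for (stamp, serial), recs in sorted(parse_events(text).items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or avc.get("decision") != "denied":
            continue
        out.append({
            "serial": serial, "comm": avc.get("comm"), "perms": avc["perms"],
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc.get("tclass"),
            "syscall_success": sc.get("success"),  # None if no SYSCALL record
        })
    return out

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d)
```

An AVC denial paired with `success=yes` means the logged denial did not make that syscall fail; permissive mode logs denials this way, so confirm the enforcing state with `getenforce` when triaging a report like this one.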


