Bug 213095 - Success code is being written in ricci queue member when operation fails
Success code is being written in ricci queue member when operation fails
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: conga (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Stanko Kupcevic
Corey Marthaler
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-30 15:14 EST by Len DiMaggio
Modified: 2009-04-16 18:35 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-30 15:42:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ricci queue entry (1.20 KB, application/octet-stream)
2006-10-30 15:14 EST, Len DiMaggio
no flags Details
Same as previous attachment, with mime set to text/plain (1.20 KB, text/plain)
2006-10-30 15:34 EST, Stanko Kupcevic
no flags Details

  None (edit)
Description Len DiMaggio 2006-10-30 15:14:16 EST
Description of problem:

Success code is being written in ricci queue member when operation fails - the
situation is that the creation of a new cluster is failing due to the SELinux
policy denying cman from writing into the /etc/cluster dir. The entry written
into the ricci queue reported a status of 0 (success) for the set_cluster.conf
function

Version-Release number of selected component (if applicable):
luci-0.8-21.el5,  ricci-0.8-21.el5 (RHEL5-Server-20061027.0)

How reproducible:
100% - if the SELinux policy prevents cman from writing to /etc/cluster

Steps to Reproduce:
1. Use the 2.4.1-4 policy
2. Create a new cluster
  
Actual results:
The cluster creation fails - as it should - see the first attachment for the
corresponding ricci queue entry

Expected results:
I would have expected the set_cluster.conf function to return a non 0 value.

Additional info:
See the attachment.

The cman (ccsd) process did pick up the cluster.conf for another cluster (these
machines are in the cluser/GFS test lab). These seems like a valid - if maybe an
edge case) configuration to have multiple clusters in the same subnet.
Comment 1 Len DiMaggio 2006-10-30 15:14:16 EST
Created attachment 139763 [details]
ricci queue entry
Comment 2 Stanko Kupcevic 2006-10-30 15:34:42 EST
Created attachment 139769 [details]
Same as previous attachment, with mime set to text/plain
Comment 3 Stanko Kupcevic 2006-10-30 15:42:13 EST
set_cluster.conf has nothing to do with cman, it just writes cluster.conf passed
to it to /etc/cluster/. Therefore, if it actually has writen it to the
/etc/cluster/, it should return success value.

Feel free to reopen.
Comment 4 Len DiMaggio 2006-10-30 16:20:13 EST
I'll look at this again - maybe what's happening is that ricci is writing the
cluster.conf file to /etc/cluster and some process (cman or ccsd?) is
over-writing it?
Comment 5 Len DiMaggio 2006-10-30 16:39:38 EST
Not reopening this one yet, but something seems to be wrong here. Seeing this in
the audit log:

type=AVC msg=audit(1162225206.241:138): avc:  denied  { ptrace } for  pid=2077
comm="pidof" scontext=system_u:system_r:ricci_modcluster_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=process

type=SYSCALL msg=audit(1162225206.241:138): arch=40000003 syscall=85 success=yes
exit=12 a0=bff36fe8 a1=86eaa70 a2=1000 a3=86e8928 items=0 ppid=2076 pid=2077
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="pidof" exe="/sbin/killall5"
subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)

type=AVC msg=audit(1162225206.257:139): avc:  denied  { write } for  pid=2080
comm="cman_tool" name="ccsd.sock" dev=dm-0 ino=3388394
scontext=system_u:system_r:ricci_modcluster_t:s0
tcontext=system_u:object_r:ccs_var_run_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1162225206.257:139): arch=40000003 syscall=102
success=yes exit=0 a0=3 a1=bf8c2ad0 a2=805116c a3=3 items=0 ppid=2079 pid=2080
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="cman_tool" exe="/usr/sbin/cman_tool"
subj=system_u:system_r:ricci_modcluster_t:s0 key=(null)

Note You need to log in before you can comment on or make changes to this bug.