216033 – [RHEL5 Beta2] device-mapper-multipath: multipathd doesn't reconfigure map when path deletion if selinux is enabled.

Bug 216033 - [RHEL5 Beta2] device-mapper-multipath: multipathd doesn't reconfigure map when path deletion if selinux is enabled.

Summary: [RHEL5 Beta2] device-mapper-multipath: multipathd doesn't reconfigure map whe...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	device-mapper-multipath
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Ben Marzinski
QA Contact:	Corey Marthaler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-16 20:49 UTC by Kiyoshi Ueda
Modified:	2010-01-12 02:36 UTC (History)
CC List:	14 users (show)
Fixed In Version:	5.0.0
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-13 21:41:45 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kiyoshi Ueda 2006-11-16 20:49:54 UTC

Description of problem:
multipathd doesn't reconfigure map when path deletion event occurs
if selinux is enabled.


Version-Release number of selected component:
device-mapper-multipath-0.4.7-5.2
selinux-policy-2.4.3-8.el5
kernel-2.6.18-1.2747.el5
device-mapper-1.02.12-2.el5


How reproducible:
Always


Steps to Reproduce:
 1. Enable selinux
 2. Create multipath map
        # multipath
 3. Start multipathd
        # /etc/init.d/multipathd start
 4. Delete one path from the multipath map
    (Assume that the multipath map consists of /dev/sdg and /dev/sdh.)
        # echo 1 > /sys/block/sdh/device/delete


Actual results:
/dev/sdh isn't removed from the multipath map.
------------------------------------------------------------------------
[root@nec-tx7-1 ~]# multipath
create: disk2 (1NEC_iStorage_2000_000000092680024600002)  NEC,iStorage 2000
[size=67G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][undef]
 \_ 4:0:0:2  sdg 8:96  [undef][ready]
\_ round-robin 0 [prio=1][undef]
 \_ 5:0:0:2  sdh 8:112 [undef][ready]
[root@nec-tx7-1 ~]# /etc/init.d/multipathd start
Starting multipathd daemon:                                [  OK  ]
[root@nec-tx7-1 ~]# echo 1 > /sys/block/sdh/device/delete
[root@nec-tx7-1 ~]# dmsetup table
disk2: 0 139841536 multipath 0 0 2 1 round-robin 0 1 1 8:96 1000 round-robin 0 1
1 8:112 1000
[root@nec-tx7-1 ~]# dmsetup status
disk2: 0 139841536 multipath 1 0 0 2 1 A 0 1 0 8:96 A 0 E 0 1 0 8:112 F 1
[root@nec-tx7-1 ~]#
------------------------------------------------------------------------


Expected results:
multipathd should remove /dev/sdh from the multipath map.



Additional info:
"multipathd -v3" log messages when the path deletion event occurs
are below.  multipathd seems not to receive uevent.
When selinux is disabled, map reconfigure to delete the path works fine.
------------------------------------------------------------------------
Nov 16 14:28:22 nec-tx7-1 multipathd: sdg: mask = 0x8
Nov 16 14:28:22 nec-tx7-1 multipathd: sdg: prio = 1
Nov 16 14:28:22 nec-tx7-1 multipathd: sdh: readsector0 checker reports path is down
Nov 16 14:28:22 nec-tx7-1 multipathd: checker failed path 8:112 in map disk2
Nov 16 14:28:22 nec-tx7-1 kernel: scsi 5:0:0:2: rejecting I/O to dead device
Nov 16 14:28:22 nec-tx7-1 kernel: device-mapper: multipath: Failing path 8:112.
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: remaining active paths: 1
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: devmap event #2
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: discover
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: rr_weight = 1 (internal default)
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: pgfailover = -1 (internal default)
Nov 16 14:28:22 nec-tx7-1 multipathd: disk2: no_path_retry = NONE (internal default)
Nov 16 14:28:22 nec-tx7-1 multipathd: pg_timeout = NONE (internal default)
Nov 16 14:28:27 nec-tx7-1 kernel: scsi 5:0:0:2: rejecting I/O to dead device
Nov 16 14:28:27 nec-tx7-1 multipathd: sdh: readsector0 checker reports path is down
Nov 16 14:28:27 nec-tx7-1 multipathd: sdh: mask = 0x8
Nov 16 14:28:32 nec-tx7-1 kernel: scsi 5:0:0:2: rejecting I/O to dead device
Nov 16 14:28:32 nec-tx7-1 multipathd: sdh: readsector0 checker reports path is down
Nov 16 14:28:32 nec-tx7-1 multipathd: sdh: mask = 0x8
------------------------------------------------------------------------

Comment 1 Ben Marzinski 2006-12-01 00:05:05 UTC

I'm not sure if it was the fixes for 215973, or some other changes to the
SELinux policy, but with the latest selinux policies, I cannot see this. Can you
check as
see if this is resolved? You may need to run restorecon /var/lib/multipath if
the context for it is incorrect. It should be:

[root@cypher-01 SPECS]# ls -Z /var/lib/ | grep multipath
drwxr-xr-x  root   root    system_u:object_r:lvm_var_lib_t  multipath

My fix for 215973 should keep people from having to do this.

Comment 2 Jun'ichi NOMURA 2006-12-01 17:17:02 UTC

Ben, with the following procedure, the problem seems disappeared.
I guess if the new selinux-policy is included in the distribution,
'rm /var/run/multipathd.sock' isn't needed, right?

I applied selinux-policy update.
  # rpm -Uvh /root/selinux-policy-*-2.4.5-4.el5.noarch.rpm
  # ls -Zd /var/lib/multipath
  drwx------  root root system_u:object_r:lvm_var_lib_t  /var/lib/multipath

Then, remove existing /var/run/multipathd.sock.
  # ls -Z /var/run/multipathd.sock 
  srwxrwxrwx  root root root:object_r:var_run_t          /var/run/multipathd.sock

Start the daemon.
  # /etc/init.d/multipathd start
  Starting multipathd daemon:                                [  OK  ]
  # ls -Z /var/run/multipathd.sock 
  srwxrwxrwx  root root root:object_r:lvm_var_run_t      /var/run/multipathd.sock
  # multipath -l disk2
  disk2 (1NEC_iStorage_2000_000000092680024600002) dm-2 NEC,iStorage 2000
  [size=67G][features=1 queue_if_no_path][hwhandler=0]
  \_ round-robin 0 [prio=0][active]
   \_ 5:0:0:2  sdg 8:96  [active][undef]
   \_ 4:0:0:2  sdh 8:112 [active][undef]
  # echo 1 > /sys/block/sdh/device/delete [root@nec-tx7-1 ~]# multipath -l disk2
  disk2 (1NEC_iStorage_2000_000000092680024600002) dm-2 NEC,iStorage 2000
  [size=67G][features=1 queue_if_no_path][hwhandler=0]
  \_ round-robin 0 [prio=0][enabled]
   \_ 5:0:0:2  sdg 8:96  [active][undef]

Before the multipathd.sock wasn't removed, multipathd was killed after
start up with the following syslog message:
  Dec  1 11:19:14 nec-tx7-1 setroubleshoot:      SELinux is preventing
  /sbin/multipathd (lvm_t) "unlink" to multipathd.sock (var_run_t).
  See audit.log for complete SELinux messages. id =
002b8fa3-dbea-492a-a12d-358defb9d83d
and the map was not updated after the path failure.

Comment 3 Ben Marzinski 2006-12-04 18:41:27 UTC

Yes. since the policy is included from the start, multipathd should always create
multipathd.sock with the correct context.

Note You need to log in before you can comment on or make changes to this bug.