Description of problem: No output is printed to the terminal from lvm commands (lvdisplay, vgdisplay etc.) Version-Release number of selected component (if applicable): lvm2-2.02.16-3.el5 kernel-2.6.18-8.1.8.el5 How reproducible: Always Steps to Reproduce: 1. rlogin <hostname> 2. /usr/sbin/lvm help Actual results: command completes silently Expected results: help text should be displayed Additional info: The rlogin is not needed to reproduce in fc6. strace shows that the process is writing the help text to fd 2 as usual, but the output is just gone.
What about other commands that write to stderr - do they have similar problems? Is selinux enabled - if so, can you reproduce without?
Other programs can write to stderr. It appears to be an selinux issue as you suggest, at least in fc6 where I had immediate access to a machine where I could disable it. (I will try disabling in also in RHEL5 to verify, but it has to wait until tomorrow.) But selinux not allowing terminal output from lvm commands seems a bit restrictive, or is it just me getting hit by this?
I have verified it is selinux by making a clean installation of rhel5 by these steps: 1. Install rhel5 x86_64 client with selinux enforced 2. install rsh-server 3. enable rlogin in /etc/xinetd.d/rlogin 4. add rlogin to /etc/securetty 5. start xinted 6. run 'lvm help' (help text is printed) 7. rlogin localhost 8. run 'lvm help' (help text is not printed) 9. run 'setenforce 0' 10. run 'lvm help' (help text is printed)
So ensure selinux is logging failures and see what the precise error messages are.
type=AVC msg=audit(1194462466.874:404): avc: denied { read write } for pid=11867 comm="lvm" name="10" dev=devpts ino=12 scontext=root:system_r:lvm_t:s0 tcontext=root:obj ect_r:rlogind_devpts_t:s0 tclass=chr_file I will attach the related part of audit.log as a file.
Created attachment 250671 [details] audit.log from 'lvm help' with selinux enforced
I understand now that I have reported this on wrong component, but is it rsh-server or selinux-policy or some other component that should have it? I was first hit by this in fc6 and it confused me that auditd in fc6 was silent and rlogin wasn't involved. I guess the fix for fc6 is an upgrade to f7. (But why isn't the write call failing when selinux blocks the output?)
I have created a new bz 374431 on the component selinux-policy and want to make this bz a duplicate of the new one. Bugzilla says: You tried to change the Status field from NEW to CLOSED, but only the owner or submitter of the bug, or a autorized user, may change that field. AFAIK I am the submitter of the bug.
Closing as duplicate per comment #8. *** This bug has been marked as a duplicate of 374431 ***