Bug 368041 - No output from lvm commands
No output from lvm commands
Status: CLOSED DUPLICATE of bug 374431
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: lvm2 (Show other bugs)
5.0
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Milan Broz
Corey Marthaler
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-06 04:26 EST by Olle Liljenzin
Modified: 2013-02-28 23:05 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-04 06:59:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
audit.log from 'lvm help' with selinux enforced (5.45 KB, text/plain)
2007-11-07 14:42 EST, Olle Liljenzin
no flags Details

  None (edit)
Description Olle Liljenzin 2007-11-06 04:26:47 EST
Description of problem:
No output is printed to the terminal from lvm commands (lvdisplay, vgdisplay etc.) 

Version-Release number of selected component (if applicable):
lvm2-2.02.16-3.el5
kernel-2.6.18-8.1.8.el5

How reproducible:
Always

Steps to Reproduce:
1. rlogin <hostname>
2. /usr/sbin/lvm help
  
Actual results:
command completes silently

Expected results:
help text should be displayed

Additional info:
The rlogin is not needed to reproduce in fc6.

strace shows that the process is writing the help text to fd 2 as usual, but the
output is just gone.
Comment 1 Alasdair Kergon 2007-11-06 08:40:53 EST
What about other commands that write to stderr - do they have similar problems?
Is selinux enabled - if so, can you reproduce without?
Comment 2 Olle Liljenzin 2007-11-06 17:41:44 EST
Other programs can write to stderr.

It appears to be an selinux issue as you suggest, at least in fc6 where I had
immediate access to a machine where I could disable it. (I will try disabling in
also in RHEL5 to verify, but it has to wait until tomorrow.)

But selinux not allowing terminal output from lvm commands seems a bit
restrictive, or is it just me getting hit by this?
Comment 3 Olle Liljenzin 2007-11-07 08:22:50 EST
I have verified it is selinux by making a clean installation of rhel5 by these
steps:

1. Install rhel5 x86_64 client with selinux enforced
2. install rsh-server
3. enable rlogin in /etc/xinetd.d/rlogin
4. add rlogin to /etc/securetty
5. start xinted
6. run 'lvm help' (help text is printed)
7. rlogin localhost
8. run 'lvm help' (help text is not printed)
9. run 'setenforce 0'
10. run 'lvm help' (help text is printed)
Comment 4 Alasdair Kergon 2007-11-07 08:43:05 EST
So ensure selinux is logging failures and see what the precise error messages are.
Comment 5 Olle Liljenzin 2007-11-07 14:41:04 EST
type=AVC msg=audit(1194462466.874:404): avc:  denied  { read write } for 
pid=11867 comm="lvm" name="10" dev=devpts ino=12 scontext=root:system_r:lvm_t:s0
tcontext=root:obj
ect_r:rlogind_devpts_t:s0
 tclass=chr_file

I will attach the related part of audit.log as a file.
Comment 6 Olle Liljenzin 2007-11-07 14:42:36 EST
Created attachment 250671 [details]
audit.log from 'lvm help' with selinux enforced
Comment 7 Olle Liljenzin 2007-11-08 09:43:14 EST
I understand now that I have reported this on wrong component, but is it
rsh-server or selinux-policy or some other component that should have it?

I was first hit by this in fc6 and it confused me that auditd in fc6 was silent
and rlogin wasn't involved. I guess the fix for fc6 is an upgrade to f7.

(But why isn't the write call failing when selinux blocks the output?)
Comment 8 Olle Liljenzin 2007-11-10 04:55:45 EST
I have created a new bz 374431 on the component selinux-policy and want to make
this bz a duplicate of the new one.

Bugzilla says: You tried to change the Status field from NEW to CLOSED, but only
the owner or submitter of the bug, or a autorized user, may change that field.

AFAIK I am the submitter of the bug.
Comment 9 Milan Broz 2008-01-04 06:59:59 EST
Closing as duplicate per comment #8.

*** This bug has been marked as a duplicate of 374431 ***

Note You need to log in before you can comment on or make changes to this bug.