Bug 436564 - socket.getsockopt() on ppc generates exception
socket.getsockopt() on ppc generates exception
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: setroubleshoot (Show other bugs)
5.2
All Linux
medium Severity medium
: rc
: ---
Assigned To: John Dennis
:
Depends On:
Blocks: RHEL5u2_relnotes
  Show dependency treegraph
 
Reported: 2008-03-07 17:21 EST by John Dennis
Modified: 2008-05-21 10:26 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2008-0061
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 10:26:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to set SO_PEERCRED based on arch (2.94 KB, patch)
2008-03-07 17:46 EST, John Dennis
no flags Details | Diff

  None (edit)
Description John Dennis 2008-03-07 17:21:55 EST
The get_credentials() function in access_control.py will generate an exception
when it calls socket.getsockopt() on powerpc (ppc). This was occurring because
the SO_PEERCRED constant was not exported by the python socket module and had
been hardcoded to 17 to work around the problem. But the value of SO_PEERCRED is
not always 17 on all architectures, in particular on ppc it's 21.

A discussion of the issue can be found in bug #436560.
Comment 1 John Dennis 2008-03-07 17:24:47 EST
A patch has been prepared which takes account of the architecture and wraps the
logic in a try/except block to further assure no exception will be generated.
Comment 2 John Dennis 2008-03-07 17:46:14 EST
Created attachment 297260 [details]
patch to set SO_PEERCRED based on arch
Comment 3 Don Domingo 2008-03-09 21:09:17 EDT
John,
re: release notes for this item, is this issue specific to PPC? also, could you
clarify the user impact of the bug that was fixed (e.g. causes a crash when user
does X)?

thanks! 
Comment 5 John Dennis 2008-03-10 11:20:59 EDT
re comment #3

The issue is specific to PPC *only*.

The setroubleshootd daemon will exit with a fault the first time the desktop
program sealert connects to the daemon. The sealert will display the error
"cannot connect" because the daemon it's trying to connect to has aborted.
Comment 8 Don Domingo 2008-03-25 23:49:46 EDT
sorry for the late reply, added to RHEL5.2 release notes under "Known Issues"
(ppc only):

<quote>
(ppc) The setroubleshootd daemon will exit with a fault the first time sealert
attempts to connect to the daemon. As such, sealert will display a Cannot
connect error when it is run.

Note that when this error occurs, the following sealert features will be disabled:

    * Real-time notification of SELinux AVC denials
    * The ability to browse diagnostic information associated with SELinux AVC
denials

</quote>

please advise if any further revisions are required. thanks!
Comment 12 Don Domingo 2008-03-30 20:09:01 EDT
John, should we mark this as resolved in the release notes? please advise. thanks!
Comment 13 John Dennis 2008-03-30 20:19:17 EDT
re comment #12, from my perspective it's resolved, however officially it's not
resolved until QE marks it as so.
Comment 14 Don Domingo 2008-04-01 22:13:35 EDT
Hi,
the RHEL5.2 release notes will be dropped to translation on April 15, 2008, at
which point no further additions or revisions will be entertained.

a mockup of the RHEL5.2 release notes can be viewed at the following link:
http://intranet.corp.redhat.com/ic/intranet/RHEL5u2relnotesmockup.html

please use the aforementioned link to verify if your bugzilla is already in the
release notes (if it needs to be). each item in the release notes contains a
link to its original bug; as such, you can search through the release notes by
bug number.

Cheers,
Don
Comment 16 Don Domingo 2008-04-29 19:58:54 EDT
looks like it's already resolved. can we now document this as "Resolved" in the
RHEL5.2 release notes updates?

please advise. thanks!
Comment 17 John Dennis 2008-04-29 23:30:23 EDT
I don't think this needs to be in the release notes, this particular issue only
arose in the initial 5.2 update submission, not a previous version, thus it is
only known as an issue to our internal testing group. 
Comment 18 Don Domingo 2008-04-30 01:03:14 EDT
thanks John. removing entirely from release notes. 
Comment 19 errata-xmlrpc 2008-05-21 10:26:03 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0061.html

Note You need to log in before you can comment on or make changes to this bug.