Bug 459667 - syslogd restart errors out with 'execvp: Permission denied'
syslogd restart errors out with 'execvp: Permission denied'
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: sysklogd (Show other bugs)
4.7
i386 Linux
medium Severity medium
: rc
: ---
Assigned To: Peter Vrabec
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-20 19:08 EDT by Geoff Quelch
Modified: 2008-08-27 05:54 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-27 05:54:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output from the strace command. (105.65 KB, application/octet-stream)
2008-08-21 16:40 EDT, Geoff Quelch
no flags Details
Output from strace command on correct host (239.60 KB, application/octet-stream)
2008-08-21 16:45 EDT, Geoff Quelch
no flags Details

  None (edit)
Description Geoff Quelch 2008-08-20 19:08:28 EDT
Description of problem:
The syslogd is down and can't be restarted:
[root@npfbs00 log]# /etc/init.d/syslog start
Starting system logger: execvp: Permission denied
                                                           [FAILED]
Starting kernel logger:

Version-Release number of selected component (if applicable):
[root@npfbs00 log]# syslogd -v
syslogd 1.4.1

How reproducible:
Currently program is broken.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tomas Heinrich 2008-08-21 09:58:21 EDT
Hi Geoff,

what version of sysklogd are you using? Running "rpm -q sysklogd" would tell.
Does /var/log/audit/audit.log say anything about syslog?
Could you please run
  "strace -f -s 4096 -o /tmp/syslog.strace /etc/init.d/syslog start"
and attach the output file?
Comment 2 Geoff Quelch 2008-08-21 16:39:18 EDT
Thank you. Here is the information you requested.

[root@npws01 chkrootkit]# rpm -q sysklogd
sysklogd-1.4.1-44.el5

There is nothing in the audit logs concerning syslog.
Comment 3 Geoff Quelch 2008-08-21 16:40:24 EDT
Created attachment 314749 [details]
Output from the strace command.

The attached file is the output from the requeste command:

strace -f -s 4096 -o /tmp/syslog.strace /etc/init.d/syslog start

Thank you.
Comment 4 Geoff Quelch 2008-08-21 16:43:11 EDT
My apologies, my comments #2 and #3 should be discarded, I ran the command on the wrong host...

Here is the correct information:

[root@npfbs00 log]# rpm -q sysklogd
sysklogd-1.4.1-27.el4

There are no files in the audit directory.
Comment 5 Geoff Quelch 2008-08-21 16:45:19 EDT
Created attachment 314752 [details]
Output from strace command on correct host
Comment 6 Peter Vrabec 2008-08-25 08:38:27 EDT
Geoff, what does this command show?
#ls -Z /etc/init.d/syslog /sbin/rsyslog
Comment 7 Geoff Quelch 2008-08-25 12:07:55 EDT
Thanks, here is the info...

[root@npfbs00 tmp]# ls -Z /etc/init.d/syslog /sbin/rsyslog
ls: /sbin/rsyslog: No such file or directory
-rwxr-xr-x  root     root     system_u:object_r:initrc_exec_t  /etc/init.d/syslog
Comment 8 Peter Vrabec 2008-08-26 06:45:07 EDT
Ooops my fault.

again please:
#ls -Z /sbin/syslogd
Comment 9 Peter Vrabec 2008-08-26 06:49:17 EDT
Could you switch selinux into permissive mode for a while and start syslogd. Just to be sure it's not selinux related.
Comment 10 Geoff Quelch 2008-08-26 12:23:21 EDT
Thanks.
The revised command:

[root@npfbs00 tmp]# ls -Z /sbin/syslogd
-rwxr-xr-x  root     root     system_u:object_r:syslogd_exec_t /sbin/syslogd

Put selinux in permissive mode...

[root@npfbs00 tmp]# /etc/init.d/syslog start
Starting system logger:                                    [  OK  ]
Starting kernel logger:

Thanks.
Comment 11 Peter Vrabec 2008-08-27 05:54:41 EDT
hmm, it seems you have problem with selinux here. Check you /var/log/messages. Relabeling your filesystem might be useful. 
touch /.autorelabel
reboot

Note You need to log in before you can comment on or make changes to this bug.