Bug 487280 - Monitoring and MonitoringScout should not print messages during startup if disabled
Monitoring and MonitoringScout should not print messages during startup if di...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Monitoring (Show other bugs)
530
All Linux
low Severity low
: ---
: ---
Assigned To: Miroslav Suchý
Michael Mráka
: Reopened
Depends On:
Blocks: 463877
  Show dependency treegraph
 
Reported: 2009-02-25 05:05 EST by Michael Mráka
Modified: 2009-09-10 14:49 EDT (History)
2 users (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-10 14:49:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Mráka 2009-02-25 05:05:03 EST
Description of problem:
Monitoring and MonitoringScout services write a lot of messages during startup (or restart) even if those services are disabled. Moreover Monitoring generates AVC denials because it writes to the console (this is not a selinux problem; monitoring should not write there).

Version-Release number of selected component (if applicable):
Satellite-5.3.0-RHEL5-re20090220.1

How reproducible:
Always

Steps to Reproduce:
1. install satellite, don't touch monitoring setup (i.e. don't enable it)
2. service Monitoring stop
3. service MonitoringScout stop
4. service Monitoring start
5. service MonitoringScout start
6. grep AVC.*Monitoring /var/log/audit/audit.log 
  
Actual results:
# service Monitoring stop
2009-02-25 10:59:09 Monitoring: Debug level = 0
2009-02-25 10:59:09 Monitoring: Switches: stop
2009-02-25 10:59:09 Monitoring: STOPPING
2009-02-25 10:59:09 Monitoring: STOPPED OK
2009-02-25 10:59:09 Monitoring: ============ STATUS ===============
2009-02-25 10:59:09 Monitoring:    ---- Monitoring backend functionality is disabled
2009-02-25 10:59:09 Monitoring:    ---- Monitoring scout functionality is disabled
2009-02-25 10:59:09 Monitoring: Last action: stop
2009-02-25 10:59:09 Monitoring: ** Installed for SysV startup **
2009-02-25 10:59:09 Monitoring: STOPPED
2009-02-25 10:59:09 Monitoring: ===================================
# service MonitoringScout stop
2009-02-25 11:00:50 MonitoringScout: Debug level = 0
2009-02-25 11:00:50 MonitoringScout: Switches: stop
2009-02-25 11:00:50 MonitoringScout: STOPPING
2009-02-25 11:00:50 MonitoringScout: STOPPED OK
2009-02-25 11:00:50 MonitoringScout: ============ STATUS ===============
2009-02-25 11:00:50 MonitoringScout:    ---- Monitoring backend functionality is disabled
2009-02-25 11:00:50 MonitoringScout:    ---- Monitoring scout functionality is disabled
2009-02-25 11:00:50 MonitoringScout: Last action: stop
2009-02-25 11:00:50 MonitoringScout: ** Installed for SysV startup **
2009-02-25 11:00:50 MonitoringScout: STOPPED
2009-02-25 11:00:50 MonitoringScout: ===================================
# service Monitoring start
2009-02-25 11:01:12 Monitoring: Debug level = 0
2009-02-25 11:01:12 Monitoring: Switches: start
2009-02-25 11:01:12 Monitoring: STARTING...
2009-02-25 11:01:12 Monitoring: STARTED OK
2009-02-25 11:01:12 Monitoring: ============ STATUS ===============
2009-02-25 11:01:12 Monitoring:    ---- Monitoring backend functionality is disabled
2009-02-25 11:01:12 Monitoring:    ---- Monitoring scout functionality is disabled
2009-02-25 11:01:12 Monitoring: Last action: start
2009-02-25 11:01:12 Monitoring: ** Installed for SysV startup **
2009-02-25 11:01:12 Monitoring: STARTED and RUNNING
2009-02-25 11:01:12 Monitoring: ===================================
# service MonitoringScout start
2009-02-25 11:01:37 MonitoringScout: Debug level = 0
2009-02-25 11:01:37 MonitoringScout: Switches: start
2009-02-25 11:01:37 MonitoringScout: STARTING...
2009-02-25 11:01:37 MonitoringScout: STARTED OK
2009-02-25 11:01:37 MonitoringScout: ============ STATUS ===============
2009-02-25 11:01:37 MonitoringScout:    ---- Monitoring backend functionality is disabled
2009-02-25 11:01:37 MonitoringScout:    ---- Monitoring scout functionality is disabled
2009-02-25 11:01:37 MonitoringScout: Last action: start
2009-02-25 11:01:37 MonitoringScout: ** Installed for SysV startup **
2009-02-25 11:01:37 MonitoringScout: STARTED and RUNNING
2009-02-25 11:01:37 MonitoringScout: ===================================

# grep AVC.*Monitoring /var/log/audit/audit.log 
type=AVC msg=audit(1235553463.095:21): avc:  denied  { read write } for  pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235553463.307:22): avc:  denied  { ioctl } for  pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235553464.311:23): avc:  denied  { getattr } for  pid=2099 comm="Monitoring" path="/dev/console" dev=tmpfs ino=564 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file

Expected results:
no output on console, no messages in audit log

Additional info:
Comment 1 Miroslav Suchý 2009-02-26 03:24:17 EST

*** This bug has been marked as a duplicate of bug 474563 ***
Comment 2 Brandon Perkins 2009-02-26 10:39:25 EST
Reopening as:

A) You can't close dupe across product lines, and
B) The one it is duping against is 0.6, and this was aligned against 5.3.
Comment 3 Miroslav Suchý 2009-03-03 04:29:22 EST
Commited as 4d6896012e5835a981beed930f96c0350ac63409
Fixed in package SatConfig-general-1.216.8-1

Monitor Scout now start as:
Starting MonitoringScout ...  Starting InstallSoftwareConfig ...  [ OK ]
Starting NPBootstrap ...  [ OK ]
Starting SputLite ...  [ OK ]
Starting Dequeuer ...  [ OK ]
Starting Dispatcher ...  [ OK ]
[ OK ]


And Monitoring now start as:
Starting Monitoring ...  Starting InstallSoftwareConfig ...  [ OK ]
Starting GenerateNotifConfig ...  [ OK ]
Starting NotifEscalator ...  [ OK ]
Starting NotifLauncher ...  [ OK ]
Starting Notifier ...  [ OK ]
Starting AckProcessor ...  [ OK ]
Starting TSDBLocalQueue ...  [ OK ]
[ OK ]

This is however not ideal, since the service Monitoring and MonitoringScout start others sub-service. 
Idealy each sub-service will be independent service and we use /etc/rc.d/init.d/functions for starting and stopping. But this will requires rewrite monitoring init.d scripts which can potentionaly lead to more Monitoring breakage, which I do not suggest to do right now.
Comment 4 Miroslav Suchý 2009-03-09 09:16:01 EDT
Mass moving to ON_QA
Comment 5 Jan Pazdziora 2009-03-13 08:27:54 EDT
FYI, with SatConfig-general-1.216.8-1.el5sat on Satellite-5.3.0-RHEL5-re20090306.2-i386, I still see

type=AVC msg=audit(1235481127.000:310): avc:  denied  { read write } for  pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481127.000:310): avc:  denied  { read write } for  pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481127.000:310): avc:  denied  { read write } for  pid=21041 comm="MonitoringScout" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc:  denied  { read write } for  pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc:  denied  { read write } for  pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481141.974:311): avc:  denied  { read write } for  pid=21079 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481416.890:23): avc:  denied  { read write } for  pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481417.218:24): avc:  denied  { ioctl } for  pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235481417.218:24): avc:  denied  { sys_tty_config } for  pid=3022 comm="Monitoring" capability=26 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:system_r:spacewalk_monitoring_t:s0 tclass=capability
type=AVC msg=audit(1235481419.449:25): avc:  denied  { getattr } for  pid=3022 comm="Monitoring" path="/dev/console" dev=tmpfs ino=741 scontext=system_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file

in audit.log upon restart.
Comment 6 Jan Pazdziora 2009-03-13 08:30:16 EDT
I meant reboot.
Comment 7 Jan Pazdziora 2009-03-13 08:32:26 EDT
You can also see these AVCs if you run /usr/sbin/rhn-satellite start on console (vmware console):

type=AVC msg=audit(1235482041.994:65): avc:  denied  { read write } for  pid=4965 comm="Monitoring" name="tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235482042.000:66): avc:  denied  { ioctl } for  pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1235482042.731:67): avc:  denied  { getattr } for  pid=4965 comm="Monitoring" path="/dev/tty1" dev=tmpfs ino=745 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
Comment 8 Miroslav Suchý 2009-03-13 09:20:27 EDT
Jan solved the SElinux issue in 883d0398abac9155216864c8e62cfd4e6ec39a55
Will be fixed in spacewalk-monitoring-selinux-0.5.5
Comment 9 Michael Mráka 2009-04-06 08:44:10 EDT
Verified. Satellite-5.3.0-RHEL5-re20090327.0

[root@xen30 ~]# service Monitoring stop
Stopping Monitoring ...  Stopping TSDBLocalQueue ...  [ OK ]
Stopping AckProcessor ...  [ OK ]
Stopping Notifier ...  [ OK ]
Stopping NotifLauncher ...  [ OK ]
Stopping NotifEscalator ...  [ OK ]
Stopping GenerateNotifConfig ...  [ OK ]
Stopping InstallSoftwareConfig ...  [ OK ]
[ OK ]
[root@xen30 ~]# service MonitoringScout stop
Stopping MonitoringScout ...  [ OK ]
[ OK ]
[root@xen30 ~]# service Monitoring start
Starting Monitoring ...  Starting InstallSoftwareConfig ...  [ OK ]
Starting GenerateNotifConfig ...  [ OK ]
Starting NotifEscalator ...  [ OK ]
Starting NotifLauncher ...  [ OK ]
Starting Notifier ...  [ OK ]
Starting AckProcessor ...  [ OK ]
Starting TSDBLocalQueue ...  [ OK ]
[ OK ]
[root@xen30 ~]# service MonitoringScout start
Starting MonitoringScout ...  [ OK ]
[ OK ]
[root@xen30 ~]# grep AVC.*Monitoring /var/log/audit/audit.log 
<no output>
Comment 10 John Matthews 2009-08-03 11:50:19 EDT
RELEASE_PENDING
Running against Satellite-5.3.0-RHEL5-re20090724.0-i386-embedded-oracle.iso
registered to stage
monitoring has not been enabled as per testplan in description

[root@sun-x4200-01 ~]# service Monitoring stop
Stopping Monitoring ...  
[ OK ]
[root@sun-x4200-01 ~]# service MonitoringScout stop
Stopping MonitoringScout ...  
[ OK ]
[root@sun-x4200-01 ~]# service Monitoring start
Starting Monitoring ...  
[ OK ]
[root@sun-x4200-01 ~]# service MonitoringScout start
Starting MonitoringScout ...  
[ OK ]
[root@sun-x4200-01 ~]# grep AVC.*Monitoring /var/log/audit/audit.log 
[root@sun-x4200-01 ~]#
Comment 11 Brandon Perkins 2009-09-10 14:49:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html

Note You need to log in before you can comment on or make changes to this bug.