Bug 496175 - pkiremove of tps instance throws error message when tps log location is changed.
pkiremove of tps instance throws error message when tps log location is changed.
Product: Dogtag Certificate System
Classification: Community
Component: Installer (pkicreate/pkiremove) (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
Depends On:
Blocks: 443788
  Show dependency treegraph
Reported: 2009-04-16 20:22 EDT by Asha Akkiangady
Modified: 2015-01-04 18:37 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-22 19:34:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to fix (6.00 KB, patch)
2009-04-24 18:28 EDT, Ade Lee
no flags Details | Diff

  None (edit)
Description Asha Akkiangady 2009-04-16 20:22:52 EDT
Description of problem:
pkicreate tps instance by providing value to '-redirect logs=', pkiremove the same instance throws error message "(13)Permission denied: Error retrieving pid file logs/tps_instance.pid".

Version-Release number of selected component (if applicable):
CS 8.0

How reproducible:

Steps to Reproduce:
1. pkicreate tps instance. Example:
pkicreate -pki_instance_root=/var/lib  -subsystem_type=tps -pki_instance_name=pki-tps-2 -secure_port=13389 -unsecure_port=13388 -non_clientauth_secure_port=13390 -redirect logs=/tmp/asha/tps-log/

2.pkiremove the tps instance.
pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-tps-2 -force 

Actual results:

error message:
Stopping pki-tps-2: (13)Permission denied: Error retrieving pid file logs/pki-tps-2.pid
Remove it before continuing if it is corrupted.

Expected results:
tps instance removed successfully.

Additional info:
tps processes and files seems to be deleted. If I try to pkicreate tps instance using the same ports again, it fails.
Comment 1 Asha Akkiangady 2009-04-16 20:25:49 EDT
Test is run on RHEL 5.3 64 bit, logged in as root.
Comment 2 Asha Akkiangady 2009-04-22 13:35:28 EDT
With SELinux policy set to permissive, do not see any issue for this scenario.
Comment 3 Ade Lee 2009-04-23 16:10:42 EDT

I want to make sure I get the right rule for the selinux policy.  I do not see a specific message for the pid file.  Could be that my system is set up slightly differently.

So please reproduce on your system.  Should not take more than a few minutes.

Do as follows:

setenforce 0
cat /dev/null > /var/log/audit/audit.log
do the pkicreate/ pkiremove as you have described
cat /var/log/audit/audit.log |audit2allow -R

Post the output.
Comment 4 Ade Lee 2009-04-23 17:39:26 EDT
So, it turns out that the selinux context for the log file location was not being correctly set because of the trailing slash in the log location specified in the pkicreate.

pkicreate needs to be modified to remove any trailing slashes from paths before setting the selinux context.
Comment 5 Ade Lee 2009-04-24 18:28:38 EDT
Created attachment 341257 [details]
patch to fix

This patch includes fixes for this bug and for 496332

mharmsen, please review
Comment 6 Matthew Harmsen 2009-04-24 18:37:25 EDT
attachment (id=341257) +mharmsen
Comment 8 Ade Lee 2009-04-27 11:38:28 EDT
[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug #496332 and #496175"
Sending        base/selinux/src/pki.if
Sending        base/selinux/src/pki.te
Sending        base/setup/pkicreate
Sending        dogtag/selinux/pki-selinux.spec
Sending        dogtag/setup/pki-setup.spec
Transmitting file data .....
Committed revision 415.
Comment 9 Asha Akkiangady 2009-06-01 17:45:04 EDT
pkiremove of the instance removed successfully, when a trailing slash in the log location specified in the pkicreate.

Note You need to log in before you can comment on or make changes to this bug.