Bug 524983 - v7 Network server blocked from working by SELinux
v7 Network server blocked from working by SELinux
Status: CLOSED WONTFIX
Product: Red Hat Hardware Certification Program
Classification: Red Hat
Component: Test Suite (tests) (Show other bugs)
1.0
All Linux
high Severity high
: ---
: ---
Assigned To: Greg Nichols
Red Hat Kernel QE team
:
: 624493 641150 690363 692576 692775 (view as bug list)
Depends On:
Blocks: 1092696 767775 773757
  Show dependency treegraph
 
Reported: 2009-09-22 17:32 EDT by Gary Case
Modified: 2014-04-29 14:20 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1092696 (view as bug list)
Environment:
Last Closed: 2013-05-24 11:50:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output from SELinux detailing the v7 error (2.55 KB, text/plain)
2009-09-22 17:32 EDT, Gary Case
no flags Details
daemon mode test implementation (4.53 KB, patch)
2010-04-07 21:02 EDT, Greg Nichols
no flags Details | Diff
network test output - both client and server have v7-1.3.19 (4.84 KB, text/plain)
2011-04-13 09:27 EDT, IBM Bug Proxy
no flags Details
console messages on v7 network test (15.75 KB, text/plain)
2011-04-13 09:27 EDT, IBM Bug Proxy
no flags Details
network test console messages running with v7 server selinux disabled. (15.94 KB, text/plain)
2011-04-13 09:27 EDT, IBM Bug Proxy
no flags Details
network test patch adding warning about selinux on server start (1.48 KB, patch)
2011-04-15 10:01 EDT, Greg Nichols
no flags Details | Diff

  None (edit)
Description Gary Case 2009-09-22 17:32:38 EDT
Created attachment 362138 [details]
output from SELinux detailing the v7 error

Description of problem:
v7 Network server fails to function due to SELinux errors.

Version-Release number of selected component (if applicable):
v7-1.0-15.el5

How reproducible:
Every time

Steps to Reproduce:
1. Install v7.
2. Run v7 server start.
3. Attempt to use machine as network test server.
4. Errors occur.
  
Actual results:


Expected results:


Additional info:
Comment 1 Rob Landry 2010-03-05 16:35:57 EST
Greg, is this a duplicate of bz#521609 or at least the same fix will be required?
Comment 3 Greg Nichols 2010-04-07 21:02:11 EDT
Created attachment 405142 [details]
daemon mode test implementation

This patch is an implementation that explores use of cgi communication with a separate server deamon process used to carry out commands.
Comment 6 Greg Nichols 2010-10-08 08:31:37 EDT
*** Bug 641150 has been marked as a duplicate of this bug. ***
Comment 7 Greg Nichols 2011-03-24 08:46:18 EDT
*** Bug 690363 has been marked as a duplicate of this bug. ***
Comment 8 Greg Nichols 2011-04-05 09:35:41 EDT
*** Bug 692775 has been marked as a duplicate of this bug. ***
Comment 9 Greg Nichols 2011-04-13 09:16:56 EDT
*** Bug 692576 has been marked as a duplicate of this bug. ***
Comment 10 IBM Bug Proxy 2011-04-13 09:27:09 EDT
Created attachment 491758 [details]
network test output - both client and server have v7-1.3.19
Comment 11 IBM Bug Proxy 2011-04-13 09:27:13 EDT
Created attachment 491759 [details]
console messages on v7 network test
Comment 12 IBM Bug Proxy 2011-04-13 09:27:16 EDT
Created attachment 491760 [details]
network test console messages running with v7 server selinux disabled.
Comment 13 IBM Bug Proxy 2011-04-13 13:32:10 EDT
------- Comment From hienn@us.ibm.com 2011-04-13 13:26 EDT-------
Can you post the command to apply the patch?

I got errors when trying to apply it:
[root@eagle3 v7]# pwd
/usr/share/v7/lib/v7
[root@eagle3 v7]# patch -p2 < hardwaretest.patch
can't find file to patch at input line 5
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: hardwaretest.py
|===================================================================
|--- hardwaretest.py    (revision 474)
|+++ hardwaretest.py    (working copy)
--------------------------
File to patch: hardwaretest.py
patching file hardwaretest.py
Hunk #1 FAILED at 43.
Hunk #2 FAILED at 190.
Hunk #3 FAILED at 416.
Hunk #4 FAILED at 429.
Hunk #5 FAILED at 1040.
5 out of 5 hunks FAILED -- saving rejects to file hardwaretest.py.rej

[root@eagle3 v7]# cat hardwaretest.py.rej
--- /dev/null
+++ /dev/null
@@ -43,7 +43,7 @@
from v7.command import Command, V7CommandException
from v7.resultsengine import ResultsEngine
from v7.redhatrelease import RedHatRelease
-
+from v7.daemon import V7Daemon

class HardwareTestHarness(Controller):

@@ -190,10 +190,8 @@
command = self.options.command
if command == "print":
self.doPrint(format="html")
-        elif (command == 'run'):
+        elif (command == 'run' or command == 'server'):
result = self.addTask()
-        elif command == "status":
-            self.doWebStatus()
else:
print "Error: unknown/unsupported command %s" % command
return False
@@ -416,7 +414,8 @@
subcommand = "start"

if subcommand == "daemon":
-            return self.doDaemon()
+            daemon = V7Daemon(self.environment)
+            return daemon.run()

planner = Planner(self.options, virtualization=None)
@@ -429,53 +428,33 @@
if rv != 0:
result = rv
return result
-
-    def doDaemon(self):
-        while True:
-            if self.Debugging != Constants.off:
-                print "checking for tasks"
-            try:
-                taskFile = open(self.environment.getTaskFilePath())
-                for line in taskFile.readlines():
-                    if not line:
-                        break
-                    try:
-                        print "\"" + line.strip() + "\""
-                        if line.strip() == "shutdown":
-                            print "v7 daemon shutdown"
-                            # delete the lines from the file
-                            open(self.environment.getTaskFilePath(), "w").close()
-                            return 0
-                        # otherwise
-                        # only run v7 - nothing else
-                        if line.split()[0] == "v7" and ";" not in line:
-                            print "Running: " + line
-                            task = Command(line)
-                            task.echo()
-                        else:
-                            print "unsupported command: " + line
-                    except V7CommandException, e:
-                        print "Error: " + e.message
-                taskFile.close()
-                # delete the lines from the file
-                open(self.environment.getTaskFilePath(), "w").close()
-                time.sleep(10)
-            except IOError, e:
-                print e/v7/results.xml
-                return False

def addTask(self):
print "<pre>"
-        command = "v7 " + self.webOptions["command"] + " "
+        command = "v7 " + self.webOptions["command"] + " " + self.webOptions["subcommand"] + " "
for option in self.webOptions.keys():
-            if option != "command" and self.webOptions[option]:
+            if "command" not in option and self.webOptions[option]:
command += "--" + option + " " + self.webOptions[option] + " "
command += "\n"
print "Adding Task: " + command
sys.stdout.flush()
-        taskFile = open(self.environment.getTaskFilePath(), "a")
-        taskFile.write(command)
-        taskFile.close()
+        taskInFile = os.open(self.environment.getTaskFilePath() + ".in", os.O_WRONLY)
+        print "opened task file"
+        sys.stdout.flush()
+        os.write(taskInFile, command)
+        os.write(taskInFile, "\n")
+        os.close(taskInFile)
+        print "Reading Results"
+        taskOutFile = open(self.environment.getTaskFilePath()+".out", "r")
+        while True:
+            line = taskOutFile.readline()
+            if line:
+                print line
+            else:
+                break
+        taskOutFile.close()
+        print "done"
+        sys.stdout.flush()
print "</pre>"

def doWebStatus(self):
@@ -1040,8 +1019,8 @@
print "Warning: unknown device: %s " % key
# create one from scratch
device = HalDevice(dict())
-                if self.options.udi:
-                    device.setUDI(self.options.udi)
+                if self.options.udi and len(self.options.udi) > 0:
+                    device.setUDI(self.options.udi[0])

test.setDevice(device)
if self.options.device:
[root@eagle3 v7]#
Comment 14 Greg Nichols 2011-04-15 10:01:57 EDT
Created attachment 492385 [details]
network test patch adding warning about selinux on server start
Comment 16 IBM Bug Proxy 2011-04-16 00:11:28 EDT
------- Comment From lxie@us.ibm.com 2011-04-16 00:05 EDT-------
(In reply to comment #17)
> Created an attachment (id=60829) [details]
> daemon mode test implementation
>
>
> ------- Comment on attachment From gnichols@redhat.com 2010-04-07 21:02:11
> EDT-------
>
>
> This patch is an implementation that explores use of cgi communication with a
> separate server deamon process used to carry out commands.

RedHat,

Dose this patch have a fix for this bug? are you expecting IBM to test it? which build should this patch be applied to v7-1.1-19 or later build?
Comment 17 IBM Bug Proxy 2011-04-20 16:31:39 EDT
------- Comment From lxie@us.ibm.com 2011-04-20 16:29 EDT-------
(In reply to comment #20)
> (In reply to comment #17)
> > Created an attachment (id=60829) [details] [details]
> > daemon mode test implementation
> >
> >
> > ------- Comment on attachment From gnichols@redhat.com 2010-04-07 21:02:11
> > EDT-------
> >
> >
> > This patch is an implementation that explores use of cgi communication with a
> > separate server deamon process used to carry out commands.
>
> RedHat,
>
> Dose this patch have a fix for this bug? are you expecting IBM to test it?
> which build should this patch be applied to v7-1.1-19 or later build?

oops,  the severity was accidentally changed to low, needs to be block
Comment 18 Greg Nichols 2011-04-27 11:41:29 EDT
*** Bug 624493 has been marked as a duplicate of this bug. ***
Comment 19 IBM Bug Proxy 2011-04-29 17:20:44 EDT
------- Comment From hienn@us.ibm.com 2011-04-29 17:18 EDT-------
v7-1.3-35 : passed the network tests on a Power7 blade with a 2-port HEA card.

Will try on a Power7 standalone system.
Comment 20 IBM Bug Proxy 2011-05-11 14:11:10 EDT
------- Comment From lxie@us.ibm.com 2011-05-11 14:09 EDT-------
(In reply to comment #23)
> v7-1.3-35 : passed the network tests on a Power7 blade with a 2-port HEA card.
>
> Will try on a Power7 standalone system.

Hien,

When you get a chance, please test the latest HTS (-43) build on a server, if it works, you might close this bug.

Thanks,

Linda
Comment 21 IBM Bug Proxy 2011-05-18 08:22:17 EDT
------- Comment From sglass@us.ibm.com 2011-05-18 08:11 EDT-------
This is now working for IBM
Comment 22 Devang Parikh 2011-08-02 08:40:36 EDT
customer has escalated the delay to senior management, we need to accelerate the cert, to the customer
Comment 23 Rob Landry 2011-08-02 10:46:32 EDT
(In reply to comment #22)
> customer has escalated the delay to senior management, we need to accelerate
> the cert, to the customer

This bug does not block certifications.

Note You need to log in before you can comment on or make changes to this bug.