Bug 741042 - [abrt] xen-4.1.1-3.fc15: tempfile.py:201:_get_default_tempdir:IOError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/etc/rc.d/init.d']
Summary: [abrt] xen-4.1.1-3.fc15: tempfile.py:201:_get_default_tempdir:IOError: [Errno...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 15
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
Whiteboard: abrt_hash:4f10bc60ec439607725d0518657...
: 770631 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2011-09-24 15:52 UTC by Andrew Engelbrecht
Modified: 2012-08-07 17:20 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-08-07 17:20:20 UTC

Attachments (Terms of Use)

Description Andrew Engelbrecht 2011-09-24 15:52:46 UTC
abrt version: 2.0.3
architecture:   x86_64
comment:        i ran "service --status-all" and got the crash message.
component:      xen
executable:     /usr/sbin/xm
os_release:     Fedora release 15 (Lovelock)
package:        xen-4.1.1-3.fc15
reason:         tempfile.py:201:_get_default_tempdir:IOError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/etc/rc.d/init.d']
time:           Sat Sep 24 11:51:55 2011
uid:            500
username:       sudoman

:tempfile.py:201:_get_default_tempdir:IOError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/etc/rc.d/init.d']
:Traceback (most recent call last):
:  File "/usr/sbin/xm", line 5, in <module>
:    from xen.xm import main
:  File "/usr/lib64/python2.7/site-packages/xen/xm/main.py", line 51, in <module>
:    from xen.xend.server.DevConstants import xenbusState
:  File "/usr/lib64/python2.7/site-packages/xen/xend/server/DevConstants.py", line 21, in <module>
:    xoptions = XendOptions.instance()
:  File "/usr/lib64/python2.7/site-packages/xen/xend/XendOptions.py", line 566, in instance
:    inst = XendOptionsFile()
:  File "/usr/lib64/python2.7/site-packages/xen/xend/XendOptions.py", line 158, in __init__
:    self.configure()
:  File "/usr/lib64/python2.7/site-packages/xen/xend/XendOptions.py", line 176, in configure
:    self.loglevel_default))
:  File "/usr/lib64/python2.7/site-packages/xen/xend/XendLogging.py", line 135, in init
:    logfilename = tempfile.mkstemp("-xend.log")[1]
:  File "/usr/lib64/python2.7/tempfile.py", line 286, in mkstemp
:    dir = gettempdir()
:  File "/usr/lib64/python2.7/tempfile.py", line 254, in gettempdir
:    tempdir = _get_default_tempdir()
:  File "/usr/lib64/python2.7/tempfile.py", line 201, in _get_default_tempdir
:    ("No usable temporary directory found in %s" % dirlist))
:IOError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/etc/rc.d/init.d']
:Local variables in innermost frame:
:dirlist: ['/tmp', '/var/tmp', '/usr/tmp', '/etc/rc.d/init.d']
:e: OSError(13, 'Permission denied')
:name: 'Nc_zSs'
:seq: 0
:filename: '/etc/rc.d/init.d/Nc_zSs'
:flags: 131266
:namer: <tempfile._RandomNameSequence instance at 0x2122638>
:dir: '/etc/rc.d/init.d'

Comment 1 Michael Young 2011-09-26 19:16:22 UTC
I suspect this due to selinux blocking xm in some circumstances. Does the same thing happen if you run setenforce 0 beforehand?

Comment 2 Andrew Engelbrecht 2011-09-27 21:19:07 UTC
You were right, there is no issue when selinux is disabled. Here's the details of the violation if selinux is enabled:

SELinux is preventing /usr/bin/python from append access on the file tmpzy3mkl-xend.log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that python should be allowed append access on the tmpzy3mkl-xend.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep xm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:virsh_t:s0
Target Context                unconfined_u:object_r:tmp_t:s0
Target Objects                tmpzy3mkl-xend.log [ file ]
Source                        xm
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          igo
Source RPM Packages           python-2.7.1-7.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-38.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     igo
Platform                      Linux igo #1 SMP Tue Aug 30
                              14:38:32 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Tue 27 Sep 2011 05:15:44 PM EDT
Last Seen                     Tue 27 Sep 2011 05:15:44 PM EDT
Local ID                      8db220c1-d5e9-414f-9adb-3db21a3e94f5

Raw Audit Messages
type=AVC msg=audit(1317158144.473:539): avc:  denied  { append } for  pid=18326 comm="xm" name="tmpzy3mkl-xend.log" dev=sda1 ino=51302 scontext=unconfined_u:system_r:virsh_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file

type=SYSCALL msg=audit(1317158144.473:539): arch=x86_64 syscall=open success=yes exit=ENXIO a0=2b3b560 a1=441 a2=1b6 a3=9 items=0 ppid=18325 pid=18326 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 ses=1 comm=xm exe=/usr/bin/python subj=unconfined_u:system_r:virsh_t:s0 key=(null)

Hash: xm,virsh_t,tmp_t,file,append


#============= virsh_t ==============
allow virsh_t tmp_t:file append;

audit2allow -R

#============= virsh_t ==============
allow virsh_t tmp_t:file append;

Comment 3 Sylvain Réault 2011-10-26 07:24:42 UTC
Package: xen-4.1.2-1.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)

No reason

Comment 4 Michael Young 2012-01-03 22:24:08 UTC
*** Bug 770631 has been marked as a duplicate of this bug. ***

Comment 5 Michael Young 2012-01-03 22:26:59 UTC
Reassigning to selinux.

Comment 6 Miroslav Grepl 2012-01-04 11:25:39 UTC
How is "tmpzy3mkl-xend.log" file created? 

And why is located in /tmp rather than in the /var/log/xen directory?

Comment 7 Michael Young 2012-01-04 21:21:01 UTC
It is a fall back location if the regular log file can't be opened - the python code from XendLogging.py is

        fileHandler = openFileHandler(filename)
        logfilename = filename
    except IOError:
        logfilename = tempfile.mkstemp("-xend.log")[1]
        fileHandler = openFileHandler(logfilename)

This probably means xend is run as non-root and is unlikely to do anything useful. Xend is being deprecated anyway so perhaps it makes sense just to catch the backtrace and return an ordinary error if selinux stops the file being created.

Comment 8 Daniel Walsh 2012-01-05 15:15:30 UTC
Looks to me like this file got created when the system was in permissive mode. tmp_t is not a label that we should see,if a domain was allowed to create a file in /tmp.

The question is what labeled process created tmpzy3mkl-xend.log?

Comment 9 Fedora End Of Life 2012-08-07 17:20:23 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:

Note You need to log in before you can comment on or make changes to this bug.