Bug 795430 - service matahari-broker fails to start when qpid store module is available
Summary: service matahari-broker fails to start when qpid store module is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: matahari
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: rc
: 6.3
Assignee: Zane Bitter
QA Contact: Dave Johnson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-20 14:17 UTC by ppecka
Modified: 2016-04-26 13:32 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:48:07 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0844 0 normal SHIPPED_LIVE matahari bug fix and enhancement update 2012-06-19 20:48:53 UTC

Description ppecka 2012-02-20 14:17:40 UTC 
Description of problem:
Selinux denies matahari-broker service to start when qpid-cpp-server-store is installed.


Version-Release number of selected component (if applicable):
 cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 (Santiago)

# rpm -qa | grep -P '(matahari|qpid)' | sort
fence-virtd-libvirt-qpid-0.2.3-5.el6.x86_64
matahari-0.4.4-11.el6.x86_64
matahari-agent-lib-0.4.4-11.el6.x86_64
matahari-broker-0.4.4-11.el6.x86_64
matahari-host-0.4.4-11.el6.x86_64
matahari-lib-0.4.4-11.el6.x86_64
matahari-network-0.4.4-11.el6.x86_64
matahari-service-0.4.4-11.el6.x86_64
matahari-sysconfig-0.4.4-11.el6.x86_64
python-qpid-0.14-3.el6.noarch
python-qpid-qmf-0.14-3.el6.x86_64
qpid-cpp-client-0.14-6.el6.x86_64
qpid-cpp-client-devel-0.14-6.el6.x86_64
qpid-cpp-client-devel-docs-0.14-6.el6.noarch
qpid-cpp-client-rdma-0.14-6.el6.x86_64
qpid-cpp-client-ssl-0.14-6.el6.x86_64
qpid-cpp-debuginfo-0.14-6.el6.x86_64
qpid-cpp-server-0.14-6.el6.x86_64
qpid-cpp-server-cluster-0.14-6.el6.x86_64
qpid-cpp-server-devel-0.14-6.el6.x86_64
qpid-cpp-server-rdma-0.14-6.el6.x86_64
qpid-cpp-server-ssl-0.14-6.el6.x86_64
qpid-cpp-server-store-0.14-6.el6.x86_64
qpid-cpp-server-xml-0.14-6.el6.x86_64
qpid-java-client-0.14-1.el6.noarch
qpid-java-common-0.14-1.el6.noarch
qpid-java-example-0.14-1.el6.noarch
qpid-java-jca-0.10-9.el6.noarch
qpid-jca-0.14-1.el6.noarch
qpid-qmf-0.14-3.el6.x86_64
qpid-qmf-devel-0.14-3.el6.x86_64
qpid-tests-0.14-1.el6.noarch
qpid-tools-0.14-1.el6.noarch
rh-qpid-cpp-tests-0.14-6.el6.x86_64
ruby-qpid-0.7.946106-2.el6.x86_64
ruby-qpid-qmf-0.14-3.el6.x86_64



How reproducible:


Steps to Reproduce:
1. install qpid-cpp-server-store rpm
2. service matahari-broker restart
3. qpid-stat -c localhost:49000
  
Actual results:

service matahari-broker restart;qpid-stat -c localhost:49000
Stopping Matahari broker daemon:                           [FAILED]
Starting Matahari broker daemon: Daemon startup failed: Journal Exception occurred while initializing store (MessageStoreImpl.cpp:383): jexception 0x0301 jdir::create_dir() threw JERR_JDIR_MKDIR: Directory creation failed. (dir="/var/lib/matahari/rhm" errno=13 (Permission denied))
                                                           [FAILED]
Failed: error - [Errno 111] Connection refused




cat /var/log/messages
...
Feb 20 09:03:03 dhcp-lab-116 matahari-brokerd[13782]: 2012-02-20 09:03:03 critical Unexpected error: Journal Exception occurred while initializing store (MessageStoreImpl.cpp:383): jexception 0x0301 jdir::create_dir() threw JERR_JDIR_MKDIR: Directory creation failed. (dir="/var/lib/matahari/rhm" errno=13 (Permission denied))
Feb 20 09:03:03 dhcp-lab-116 matahari-brokerd[13780]: 2012-02-20 09:03:03 critical Unexpected error: Daemon startup failed: Journal Exception occurred while initializing store (MessageStoreImpl.cpp:383): jexception 0x0301 jdir::create_dir() threw JERR_JDIR_MKDIR: Directory creation failed. (dir="/var/lib/matahari/rhm" errno=13 (Permission denied))
...

Expected results:
service matahari-broker is allowed to start

Additional info:
Comment 1 Ted Ross 2012-02-20 20:49:31 UTC 
Consider updating the broker configuration by adding --no-module-dir and using --load-module <path> explicitly to load needed modules (SSL, etc.).

This will prevent the broker process from picking up any available modules that happen to be installed on the system.
Comment 2 Zane Bitter 2012-02-21 16:30:22 UTC 
https://fedorahosted.org/pipermail/matahari/2012-February/002307.html
Comment 5 Zane Bitter 2012-04-26 08:37:01 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 7 Dave Johnson 2012-06-08 20:22:24 UTC 
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : qpid-cpp-server-store-0.14-16.el6.x86_64                                                                                                                   1/1 
Installed products updated.
  Verifying  : qpid-cpp-server-store-0.14-16.el6.x86_64                                                                                                                   1/1 

Installed:
  qpid-cpp-server-store.x86_64 0:0.14-16.el6                                                                                                                                  

Complete!
[root@kvm-guest-02 ~]# service matahari-broker start
Starting Matahari broker daemon: [  OK  ]
[root@kvm-guest-02 ~]# qmf-tool localhost:49000
Management Tool for QMF
qmf: list agents
QMF Agents:
       Id  Vendor               Product      Instance                              Epoch
    ======================================================================================
    *  1   apache.org           qpidd        101aa208-5af4-4248-9aca-b0c71ed741db  2
       2   matahariproject.org  libvirt-qmf  93dd3fad-aee2-4c7d-8b4b-0c60e351fedf  1
qmf: q
*** Unknown syntax: q
qmf: quit
Exiting...
[root@kvm-guest-02 ~]# qpid-stat -c localhost:49000
Connections
  client-addr                      cproc        cpid  auth       connected  idle  msgIn  msgOut
  ===============================================================================================
  [::1]:49000-[::1]:39713          qpid-stat    2308  anonymous  0s         0s     213    270
  127.0.0.1:49000-127.0.0.1:40617  libvirt-qmf  1894  anonymous  49s        0s      60     29
Comment 9 errata-xmlrpc 2012-06-20 13:48:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0844.html
Note You need to log in before you can comment on or make changes to this bug.