Bug 831906 - sanlock: segfault with SANLOCKOPTS="-w 0" configuration
sanlock: segfault with SANLOCKOPTS="-w 0" configuration
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sanlock (Show other bugs)
6.3
x86_64 Linux
urgent Severity urgent
: rc
: ---
Assigned To: David Teigland
Haim
: Reopened, ZStream
Depends On:
Blocks: 841992 906027
  Show dependency treegraph
 
Reported: 2012-06-13 23:30 EDT by Alex Jia
Modified: 2016-04-26 10:48 EDT (History)
10 users (show)

See Also:
Fixed In Version: sanlock-2.5-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 03:52:48 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Alex Jia 2012-06-13 23:30:49 EDT
Description of problem:
To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock then start sanlock service, sanlock will stop due to a segfault error and some selinux AVC denied error.

Version-Release number of selected component (if applicable):
# rpm -q sanlock kernel selinux-policy libvirt
sanlock-2.3-1.el6.x86_64
kernel-2.6.32-278.el6.x86_64
selinux-policy-3.7.19-154.el6.noarch
libvirt-0.9.10-21.el6.x86_64


How reproducible:
always

Steps to Reproduce:
1. To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock
2. open a new terminal then run tailf /var/log/messages
3. service sanlock start
4. service sanlock status
5. grep avc /var/log/audit/audit.log | grep sanlock
  
Actual results:
# service sanlock status
sanlock is stopped

# service sanlock start
Starting sanlock:                                          [  OK  ]

# service sanlock status
sanlock is stopped

Expected results:
Can successfull start sanlock service without segfault error.

Additional info:

# tailf /var/log/messages

<snip>

Jun 14 11:05:13 intel-8400-8-1 kernel: sanlock[29558]: segfault at 8 ip 00007fee0c8dc5a1 sp 00007fff1daa0ad8 error 4 in libc-2.12.so[7fee0c85c000+189000]
Jun 14 11:05:13 intel-8400-8-1 abrtd: Directory 'ccpp-2012-06-14-11:05:13-29558' creation detected
Jun 14 11:05:13 intel-8400-8-1 abrt[29560]: Saved core dump of pid 29558 (/usr/sbin/sanlock) to /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558 (16183296 bytes)
Jun 14 11:05:13 intel-8400-8-1 abrtd: Package 'sanlock' isn't signed with proper key
Jun 14 11:05:13 intel-8400-8-1 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2012-06-14-11:05:13-29558' exited with 1
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting

</snip>

Unfortunately, core dump file is also deleted due to some errors.

# cat /etc/sysconfig/sanlock 
SANLOCKOPTS="-w 0"

# service wdmd status
wdmd is stopped

# getsebool -a | grep sanlock
sanlock_use_nfs --> off
sanlock_use_samba --> off
virt_use_sanlock --> on

# grep avc /var/log/audit/audit.log | grep sanlock

<snip>

type=AVC msg=audit(1339315900.009:41782): avc:  denied  { signal } for  pid=22908 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1339315900.009:41783): avc:  denied  { setgid } for  pid=22909 comm="sanlock" capability=6  scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1339316617.086:41791): avc:  denied  { search } for  pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1339316617.086:41791): avc:  denied  { read } for  pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file

</snip>

Will also file a selinux-policy bug to trace this issue.
Comment 2 David Teigland 2012-07-09 17:42:18 EDT

*** This bug has been marked as a duplicate of bug 838654 ***
Comment 3 David Teigland 2012-07-13 11:26:54 EDT
deconsolidating
Comment 6 Leonid Natapov 2012-12-17 10:26:31 EST
sanlock-2.6-2.el6.x86_64
no segfault when  SANLOCKOPTS="-w 0" activated in  /etc/sysconfig/sanlock
sanlock service can be successfully started.
Comment 8 errata-xmlrpc 2013-02-21 03:52:48 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0530.html

Note You need to log in before you can comment on or make changes to this bug.