Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock then start sanlock service, sanlock will stop due to a segfault error and some selinux AVC denied error.
Version-Release number of selected component (if applicable):
# rpm -q sanlock kernel selinux-policy libvirt
sanlock-2.3-1.el6.x86_64
kernel-2.6.32-278.el6.x86_64
selinux-policy-3.7.19-154.el6.noarch
libvirt-0.9.10-21.el6.x86_64
How reproducible:
always
Steps to Reproduce:
1. To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock
2. open a new terminal then run tailf /var/log/messages
3. service sanlock start
4. service sanlock status
5. grep avc /var/log/audit/audit.log | grep sanlock
Actual results:
# service sanlock status
sanlock is stopped
# service sanlock start
Starting sanlock: [ OK ]
# service sanlock status
sanlock is stopped
Expected results:
Can successfull start sanlock service without segfault error.
Additional info:
# tailf /var/log/messages
<snip>
Jun 14 11:05:13 intel-8400-8-1 kernel: sanlock[29558]: segfault at 8 ip 00007fee0c8dc5a1 sp 00007fff1daa0ad8 error 4 in libc-2.12.so[7fee0c85c000+189000]
Jun 14 11:05:13 intel-8400-8-1 abrtd: Directory 'ccpp-2012-06-14-11:05:13-29558' creation detected
Jun 14 11:05:13 intel-8400-8-1 abrt[29560]: Saved core dump of pid 29558 (/usr/sbin/sanlock) to /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558 (16183296 bytes)
Jun 14 11:05:13 intel-8400-8-1 abrtd: Package 'sanlock' isn't signed with proper key
Jun 14 11:05:13 intel-8400-8-1 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2012-06-14-11:05:13-29558' exited with 1
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting
Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting
</snip>
Unfortunately, core dump file is also deleted due to some errors.
# cat /etc/sysconfig/sanlock
SANLOCKOPTS="-w 0"
# service wdmd status
wdmd is stopped
# getsebool -a | grep sanlock
sanlock_use_nfs --> off
sanlock_use_samba --> off
virt_use_sanlock --> on
# grep avc /var/log/audit/audit.log | grep sanlock
<snip>
type=AVC msg=audit(1339315900.009:41782): avc: denied { signal } for pid=22908 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1339315900.009:41783): avc: denied { setgid } for pid=22909 comm="sanlock" capability=6 scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1339316617.086:41791): avc: denied { search } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1339316617.086:41791): avc: denied { read } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
</snip>
Will also file a selinux-policy bug to trace this issue.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2013-0530.html
Description of problem: To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock then start sanlock service, sanlock will stop due to a segfault error and some selinux AVC denied error. Version-Release number of selected component (if applicable): # rpm -q sanlock kernel selinux-policy libvirt sanlock-2.3-1.el6.x86_64 kernel-2.6.32-278.el6.x86_64 selinux-policy-3.7.19-154.el6.noarch libvirt-0.9.10-21.el6.x86_64 How reproducible: always Steps to Reproduce: 1. To append SANLOCKOPTS="-w 0" into /etc/sysconfig/sanlock 2. open a new terminal then run tailf /var/log/messages 3. service sanlock start 4. service sanlock status 5. grep avc /var/log/audit/audit.log | grep sanlock Actual results: # service sanlock status sanlock is stopped # service sanlock start Starting sanlock: [ OK ] # service sanlock status sanlock is stopped Expected results: Can successfull start sanlock service without segfault error. Additional info: # tailf /var/log/messages <snip> Jun 14 11:05:13 intel-8400-8-1 kernel: sanlock[29558]: segfault at 8 ip 00007fee0c8dc5a1 sp 00007fff1daa0ad8 error 4 in libc-2.12.so[7fee0c85c000+189000] Jun 14 11:05:13 intel-8400-8-1 abrtd: Directory 'ccpp-2012-06-14-11:05:13-29558' creation detected Jun 14 11:05:13 intel-8400-8-1 abrt[29560]: Saved core dump of pid 29558 (/usr/sbin/sanlock) to /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558 (16183296 bytes) Jun 14 11:05:13 intel-8400-8-1 abrtd: Package 'sanlock' isn't signed with proper key Jun 14 11:05:13 intel-8400-8-1 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2012-06-14-11:05:13-29558' exited with 1 Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting Jun 14 11:05:13 intel-8400-8-1 abrtd: Corrupted or bad directory /var/spool/abrt/ccpp-2012-06-14-11:05:13-29558, deleting </snip> Unfortunately, core dump file is also deleted due to some errors. # cat /etc/sysconfig/sanlock SANLOCKOPTS="-w 0" # service wdmd status wdmd is stopped # getsebool -a | grep sanlock sanlock_use_nfs --> off sanlock_use_samba --> off virt_use_sanlock --> on # grep avc /var/log/audit/audit.log | grep sanlock <snip> type=AVC msg=audit(1339315900.009:41782): avc: denied { signal } for pid=22908 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process type=AVC msg=audit(1339315900.009:41783): avc: denied { setgid } for pid=22909 comm="sanlock" capability=6 scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability type=AVC msg=audit(1339316617.086:41791): avc: denied { search } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir type=AVC msg=audit(1339316617.086:41791): avc: denied { read } for pid=23009 comm="sanlock" scontext=unconfined_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file </snip> Will also file a selinux-policy bug to trace this issue.