836980 – stap-server fails to install

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 836980 - stap-server fails to install

Summary: stap-server fails to install

Keywords:
Status:	CLOSED DUPLICATE of bug 828606
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	7.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	beta
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:	828606
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-02 11:48 UTC by Martin Cermak
Modified:	2013-01-29 09:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-07-17 08:02:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Martin Cermak 2012-07-02 11:48:33 UTC

Description of problem:

# yum install systemtap-server
Loaded plugins: langpacks, product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Resolving Dependencies
--> Running transaction check
---> Package systemtap-server.s390x 0:1.8-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
 Package                               Arch                       Version                        Repository                  Size
==================================================================================================================================
Installing:
 systemtap-server                      s390x                      1.8-1.el7                      rhel7                      165 k

Transaction Summary
==================================================================================================================================
Install  1 Package

Total download size: 165 k
Installed size: 656 k
Is this ok [y/N]: y
Downloading Packages:
systemtap-server-1.8-1.el7.s390x.rpm                                                                       | 165 kB     00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : systemtap-server-1.8-1.el7.s390x                                                                               1/1 
warning: user stap-server does not exist - using root
runuser: user stap-server does not exist
Could not open certificate file ~stap-server/.systemtap/ssl/server/stap.cert for reading
No such file or directory
Unable to authorize certificate
Could not open certificate file ~stap-server/.systemtap/ssl/server/stap.cert for reading
No such file or directory
Unable to authorize certificate
Installed products updated.
  Verifying  : systemtap-server-1.8-1.el7.s390x                                                                               1/1 

Installed:
  systemtap-server.s390x 0:1.8-1.el7                                                                                              

Complete!

Version-Release number of selected component (if applicable):

systemtap-server-1.8-1.el7.s390x

How reproducible:

Always

Additional info:

Observed also on x86_64. Due to this, the server can't start: 

# service stap-server start
Starting stap-server -a "x86_64" -r "3.3.0-0.15.el7.x86_64" -u "stap-server" --log "/var/log/stap-server/log"
runuser: user stap-server does not exist
                                                           [FAILED]

Comment 1 Paul W. Frields 2012-07-13 18:55:50 UTC

type=AVC msg=audit(1342205570.209:367): avc:  denied  { write } for  pid=11210 comm="useradd" name="lib" dev="dm-1" ino=28 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir

This happens when the %preinstall script tries to create the /var/lib/stap-server. Reassigning to selinux-policy to insure this is kosher and if so fix policy.

Comment 2 Daniel Walsh 2012-07-16 21:07:11 UTC

Why is useradd trying to write to /var/lib directory, is this where the user exists?

Comment 3 Miroslav Grepl 2012-07-16 21:14:44 UTC

Yes, the stap-server rpm script runs useradd to create stapuser with /var/lib/stapserver as homedir.

We have stapserver policy in rawhide.

Comment 4 Miroslav Grepl 2012-07-17 08:02:12 UTC


*** This bug has been marked as a duplicate of bug 828606 ***

Note You need to log in before you can comment on or make changes to this bug.