Description of problem: journalctl -a shows that collectd is writing tons of messages (wlel, the same message over and over) to the logs: Version-Release number of selected component (if applicable): F18 build How reproducible: always
dwalsh, Can you recommend any changes here? Collectd starts it's just failing since its not able to write to /var/log/collectd.log Here's the module file we're using which has the added entries from audit2allow, is there something else I could be missing? module ovirt 1.0; require { type initrc_t; type initrc_tmp_t; type mount_t; type setfiles_t; type shadow_t; type unconfined_t; type passwd_t; type user_tmp_t; type var_log_t; type net_conf_t; type collectd_t; type virt_etc_t; type loadkeys_t; type initrc_tmp_t; type virtd_exec_t; class file { append mounton open getattr read execute ioctl lock entrypoint write }; class fd { use }; class process { sigchld signull transition noatsecure siginh rlimitinh getattr }; class fifo_file { getattr open read write append lock ioctl }; class filesystem getattr; class dir { getattr search open read lock ioctl write add_name}; class socket { read write }; class tcp_socket { read write }; class udp_socket { read write }; class rawip_socket { read write }; class netlink_socket { read write }; class packet_socket { read write }; class unix_stream_socket { read write create ioctl getattr lock setattr append bind connect getopt setopt shutdown connectto }; class unix_dgram_socket { read write }; class appletalk_socket { read write }; class netlink_route_socket { read write }; class netlink_firewall_socket { read write }; class netlink_tcpdiag_socket { read write }; class netlink_nflog_socket { read write }; class netlink_xfrm_socket { read write }; class netlink_selinux_socket { read write }; class netlink_audit_socket { read write }; class netlink_ip6fw_socket { read write }; class netlink_dnrt_socket { read write }; class netlink_kobject_uevent_socket { read write }; class tun_socket { read write }; class chr_file { getattr read write append ioctl lock open }; class lnk_file { getattr read }; class sock_file { getattr write open append }; } allow mount_t shadow_t:file mounton; allow setfiles_t net_conf_t:file read; # Unknown on F18: #allow setfiles_t initrc_tmp_t:file append; #allow consoletype_t var_log_t:file append; #allow passwd_t user_tmp_t:file write; # Unknown on F17 brctl_t: #allow brctl_t net_conf_t:file read; # Suppose because of collectd libvirt plugin allow collectd_t virt_etc_t:file read; allow collectd_t var_log_t:dir write; allow collectd_t var_log_t:dir add_name; allow collectd_t virtd_exec_t:file getattr; # Suppose because etc is on tmpfs allow loadkeys_t initrc_tmp_t:file read; type ovirt_exec_t; init_daemon_domain(unconfined_t,ovirt_exec_t) Running audit2allow on audit.log audit2allow -i /tmp/au.log #============= collectd_t ============== allow collectd_t passwd_file_t:file read; allow collectd_t var_log_t:dir add_name; allow collectd_t virtd_exec_t:file getattr; #============= loadkeys_t ============== allow loadkeys_t initrc_tmp_t:file open; ------------------- audit.log entries for collectd type=PATH msg=audit(1360184795.506:2698): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2699): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2699): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2699): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2699): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2700): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2700): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2700): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2700): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2701): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2701): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2701): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2701): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2702): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2702): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2702): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2702): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2703): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2703): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2703): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2703): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 type=AVC msg=audit(1360184795.506:2704): avc: denied { add_name } for pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=SYSCALL msg=audit(1360184795.506:2704): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null) type=CWD msg=audit(1360184795.506:2704): cwd="/var/lib/collectd" type=PATH msg=audit(1360184795.506:2704): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
The collectd service is writing Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status 2. to the journal, because no plugin (which supports a 'write' callback) is configured. The network plugin supports the write callback, but isn't configured initially. So ideally we will have to disable the collectd plugin (see bug #753309 ) until it is configured properly. Also: http://mailman.verplant.org/pipermail/collectd/2011-June/004549.html
we could disable collectd by default and have it started during ovirt-post based on a value in /etc/default/ovirt
(In reply to Mike Burns from comment #3) > we could disable collectd by default and have it started during ovirt-post > based on a value in /etc/default/ovirt Good idea! That will work on the short term.
*** Bug 990457 has been marked as a duplicate of this bug. ***
Not fixed in 3.0. Deferred to a lter release.
This is an automated message. Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
Closing old bugs. If relevant please reopen.