Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1310168
Summary: | glibc-2.22-9.fc23 breaks audit? | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Dan Horák <dan> |
Component: | glibc | Assignee: | Florian Weimer <fweimer> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | arjun.is, codonell, dj, fweimer, jakub, law, mfabian, pfrankli, siddhesh |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | s390x | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | glibc-2.22-10.fc23 glibc-2.21-12.fc22 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-29 10:21:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 467765 |
Description
Dan Horák
2016-02-19 16:05:46 UTC
Can you provide an strace from the su failure, and from auditd at the same time? Does audit_open log anything? Thanks. The guest now works again, so reproducing inside the f23 chroot on the f23 based builder. groupadd is the command failing during the chroot creation by mock. bash-4.3# strace -ff groupadd foo execve("/usr/sbin/groupadd", ["groupadd", "foo"], [/* 26 vars */]) = 0 brk(NULL) = 0x2aa021cc000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd244000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd242000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=14448, ...}) = 0 mmap(NULL, 14448, PROT_READ, MAP_PRIVATE, 3, 0) = 0x3fffd23e000 close(3) = 0 open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\0. "..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=122000, ...}) = 0 mmap(NULL, 163888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffd215000 mmap(0x3fffd232000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x3fffd232000 mmap(0x3fffd234000, 36912, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3fffd234000 close(3) = 0 open("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\0j "..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=153040, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd214000 mmap(NULL, 156392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffd1ed000 mmap(0x3fffd210000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23000) = 0x3fffd210000 mmap(0x3fffd212000, 4840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3fffd212000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\3\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\2+\320"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=2114832, ...}) = 0 mmap(NULL, 1841232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffd02b000 mmap(0x3fffd1e3000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b7000) = 0x3fffd1e3000 mmap(0x3fffd1e9000, 14416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3fffd1e9000 close(3) = 0 open("/lib64/libpcre.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\0\25\240"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=318768, ...}) = 0 mmap(NULL, 319544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffcfdc000 mmap(0x3fffd029000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4c000) = 0x3fffd029000 close(3) = 0 open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\0\16\350"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=19696, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffcfdb000 mmap(NULL, 16712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffcfd6000 mmap(0x3fffcfd9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3fffcfd9000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffcfd5000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffcfd4000 mprotect(0x3fffd1e3000, 16384, PROT_READ) = 0 mprotect(0x3fffcfd9000, 4096, PROT_READ) = 0 mprotect(0x3fffd029000, 4096, PROT_READ) = 0 mprotect(0x3fffd210000, 4096, PROT_READ) = 0 mprotect(0x3fffd232000, 4096, PROT_READ) = 0 mprotect(0x2aa00578000, 4096, PROT_READ) = 0 mprotect(0x3fffd26e000, 4096, PROT_READ) = 0 munmap(0x3fffd23e000, 14448) = 0 statfs("/sys/fs/selinux", 0x3ffffc7abf8) = -1 ENOENT (No such file or directory) statfs("/selinux", 0x3ffffc7abf8) = -1 ENOENT (No such file or directory) brk(NULL) = 0x2aa021cc000 brk(0x2aa021ed000) = 0x2aa021ed000 open("/proc/filesystems", O_RDONLY) = -1 ENOENT (No such file or directory) open("/proc/mounts", O_RDONLY) = -1 ENOENT (No such file or directory) access("/etc/selinux/config", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=110439232, ...}) = 0 mmap(NULL, 110439232, PROT_READ, MAP_PRIVATE, 3, 0) = 0x3fff6681000 close(3) = 0 setup() = -1 ENOSYS (Function not implemented) open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd241000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2997 read(3, "", 4096) = 0 close(3) = 0 munmap(0x3fffd241000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "Cannot open audit interface - ab"..., 40Cannot open audit interface - aborting. ) = 40 exit_group(1) = ? +++ exited with 1 +++ Seems I have a reproducer - install f23 GA - do "dnf update glibc" to get glibc-2.22-9.fc23.s390x from updates - do "groupadd foo" - enjoy "Cannot open audit interface - aborting." But more things are broken, eg. [root@devel10 ~]# ip addr Cannot open netlink socket: Function not implemented (In reply to Dan Horák from comment #3) > Seems I have a reproducer > - install f23 GA > - do "dnf update glibc" to get glibc-2.22-9.fc23.s390x from updates > - do "groupadd foo" > - enjoy "Cannot open audit interface - aborting." > > But more things are broken, eg. > > [root@devel10 ~]# ip addr > Cannot open netlink socket: Function not implemented That's consistent at least. audit_open in audit-libs can only fail if it cannot create the netlink socket, too. I wonder if this is related, from your strace: setup() = -1 ENOSYS (Function not implemented) That is, if we are calling the wrong system call. But there are literally no changes between -7 and -9 in the glibc package itself which would cause this. I wonder if it is a difference between those two, used for building the packages: kernel-headers-4.2.8-300.fc23.s390 kernel-headers-4.3.5-300.fc23.s390 [root@devel10 ~]# strace ip link execve("/usr/sbin/ip", ["ip", "link"], [/* 25 vars */]) = 0 brk(NULL) = 0x81091000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd489000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd487000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=20333, ...}) = 0 mmap(NULL, 20333, PROT_READ, MAP_PRIVATE, 3, 0) = 0x3fffd482000 close(3) = 0 open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\0\16\350"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=19696, ...}) = 0 mmap(NULL, 16712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffd47d000 mmap(0x3fffd480000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x3fffd480000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\2\1\3\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\2+\320"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=2114832, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd47c000 mmap(NULL, 1841232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3fffd2ba000 mmap(0x3fffd472000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b7000) = 0x3fffd472000 mmap(0x3fffd478000, 14416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3fffd478000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd2b9000 mprotect(0x3fffd472000, 16384, PROT_READ) = 0 mprotect(0x3fffd480000, 4096, PROT_READ) = 0 mprotect(0x8005c000, 4096, PROT_READ) = 0 mprotect(0x3fffd4b3000, 4096, PROT_READ) = 0 munmap(0x3fffd482000, 20333) = 0 setup() = -1 ENOSYS (Function not implemented) dup(2) = 3 fcntl(3, F_GETFL) = 0x8402 (flags O_RDWR|O_APPEND|O_LARGEFILE) brk(NULL) = 0x81091000 brk(0x810b2000) = 0x810b2000 brk(NULL) = 0x810b2000 fstat(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fffd486000 write(3, "Cannot open netlink socket: Func"..., 53Cannot open netlink socket: Function not implemented ) = 53 close(3) = 0 munmap(0x3fffd486000, 4096) = 0 exit_group(1) = ? +++ exited with 1 +++ [root@devel10 ~]# rpm -q kernel systemd glibc kernel-4.2.3-300.fc23.s390x systemd-222-7.fc23.s390x glibc-2.22-9.fc23.s390x Commit 977108f89c989b1eeb5c8d938e1e71913391eb5f (s390: wire up separate socketcalls system calls) went into kernel 4.3. I suspect this is related. FWIW such system doesn't reboot (some socket() failures from systemd), but the other guest which already had 4.3 kernel came back ok (In reply to Florian Weimer from comment #6) > Commit 977108f89c989b1eeb5c8d938e1e71913391eb5f (s390: wire up separate > socketcalls system calls) went into kernel 4.3. I suspect this is related. /me agrees I think the cause are the syscall definitions in sysdeps/unix/sysv/linux/s390/s390-64/syscalls.list: # proper socket implementations: accept - accept Ci:iBN __libc_accept __accept accept bind - bind i:ipi __bind bind … If I read the syscalls framework correctly, they were dormant until the __NR_accept definitions popped up on the kernel side. Scratch build with fix attempt running: http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=2086163 [root@devel10 ~]# rpm -q kernel glibc kernel-4.2.3-300.fc23.s390x glibc-2.22-3.fc23.s390x [root@devel10 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enccw0.0.0800: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 1000 link/ether 02:00:00:00:00:77 brd ff:ff:ff:ff:ff:ff inet 10.16.104.73/21 brd 10.16.111.255 scope global enccw0.0.0800 valid_lft forever preferred_lft forever inet6 fe80::200:0:600:77/64 scope link valid_lft forever preferred_lft forever [root@devel10 ~]# ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enccw0.0.0800: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 02:00:00:00:00:77 brd ff:ff:ff:ff:ff:ff [root@devel10 ~]# dnf update http://s390.koji.fedoraproject.org/kojifiles/work/tasks/6165/2086165/glibc-common-2.22-10.fc23.s390x.rpm http://s390.koji.fedoraproject.org/kojifiles/work/tasks/6165/2086165/glibc-2.22-10.fc23.s390x.rpm Last metadata expiration check performed 0:58:44 ago on Fri Feb 19 13:28:21 2016. Dependencies resolved. ====================================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================================== Upgrading: glibc s390x 2.22-10.fc23 @commandline 3.4 M glibc-common s390x 2.22-10.fc23 @commandline 11 M Transaction Summary ====================================================================================================================================================================== Upgrade 2 Packages Total size: 15 M Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Upgrading : glibc-2.22-10.fc23.s390x 1/4 Upgrading : glibc-common-2.22-10.fc23.s390x 2/4 Cleanup : glibc-2.22-3.fc23.s390x 3/4 Cleanup : glibc-common-2.22-3.fc23.s390x 4/4 Verifying : glibc-common-2.22-10.fc23.s390x 1/4 Verifying : glibc-2.22-10.fc23.s390x 2/4 Verifying : glibc-2.22-3.fc23.s390x 3/4 Verifying : glibc-common-2.22-3.fc23.s390x 4/4 Upgraded: glibc.s390x 2.22-10.fc23 glibc-common.s390x 2.22-10.fc23 Complete! [root@devel10 ~]# ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enccw0.0.0800: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 02:00:00:00:00:77 brd ff:ff:ff:ff:ff:ff [root@devel10 ~]# rpm -q glibc glibc-2.22-10.fc23.s390x (In reply to Florian Weimer from comment #10) > Scratch build with fix attempt running: > > http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=2086163 yes, seems to be fixed, I did updates to kernel, reboots, etc and all works. glibc-2.22-10.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b88ff23a4 glibc-2.21-12.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec3bf7e66 glibc-2.22-10.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b88ff23a4 glibc-2.21-12.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec3bf7e66 glibc-2.22-10.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. glibc-2.21-12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |