Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Attempted upgrade to Amanda 2.5.0: hangs in amcheck

2008-04-15 21:35:38
Subject: Re: Attempted upgrade to Amanda 2.5.0: hangs in amcheck
From: FL <lengyel AT gmail DOT com>
To: "Dustin J. Mitchell" <dustin AT zmanda DOT com>
Date: Tue, 15 Apr 2008 20:24:25 -0400 
There is more to this story: after addtressing the selinux issue,
and setting the mode of .amandahosts to 600, I now have the
following:

-sh-3.1$ amcheck Daily
Amanda Tape Server Host Check
-----------------------------
Holding disk /home/amanda/holding-disk: 104765 MB disk space
available, using 104665 MB

*** glibc detected *** amcheck: double free or corruption (fasttop):
0x083bef40 ***
======= Backtrace: =========
/lib/libc.so.6[0x23cf5d]
/lib/libc.so.6(cfree+0x90)[0x2405b0]
amcheck[0x8ede03]
amcheck(main+0xc2d)[0x8ef91d]
/lib/libc.so.6(__libc_start_main+0xdc)[0x1ecdec]
amcheck[0x8eaa01]
======= Memory map: ========

Amanda Backup Client Hosts Check
--------------------------------
Client check: 3 hosts checked in 0.662 seconds, 0 problems found

(brought to you by Amanda 2.5.0p2)
-sh-3.1$



On Tue, Apr 15, 2008 at 6:33 PM, FL <lengyel AT gmail DOT com> wrote:
>
> On Tue, Apr 15, 2008 at 6:20 PM, Dustin J. Mitchell <dustin AT zmanda DOT 
> com> wrote:
> > On Tue, Apr 15, 2008 at 6:15 PM, FL <lengyel AT gmail DOT com> wrote:
> > >  ... the wait completes and then
> > >
> > >  wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 5539
> > >  --- SIGCHLD (Child exited) @ 0 (0) ---
> > >  wait4(-1,
> >
> > Does this repeat?  It may be running the changer through a number of slots.
> >
> > If you use the '-f' flag to strace, it will trace the children, too.
> > You should be able to see an 'exec' after the clones.  It will be a
> > lot of data, but it's not too hard to search through.
> >
> >
> > Dustin
> >
> > --
> > Storage Software Engineer
> > http://www.zmanda.com
> >
>
> Now I see something in /var/messages I did not see before: a SElinux alert.
> I'll try setting  the boolean below.  This is probably  because amanda
> is in ldap instead of /etc/passwd.
>
> [root@opennms log]#  sealert -l 93bb144d-f3ca-4dfa-945c-b77c728f571e
> Summary
>    SELinux is preventing /usr/lib/amanda/amandad (amanda_t) "name_connect"
>    access to <Unknown> (ldap_port_t).
>
> Detailed Description
>    SELinux denied access requested by /usr/lib/amanda/amandad. It is not
>    expected that this access is required by /usr/lib/amanda/amandad and this
>    access may signal an intrusion attempt. It is also possible that the
>    specific version or configuration of the application is causing it to
>    require additional access. Please file a
>    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
>
> Allowing Access
>    Sometimes labeling problems can cause SELinux denials.  You could try to
>    restore the default system file context for <Unknown>, restorecon -v
>    <Unknown>. There is currently no automatic way to allow this access.
>    Instead, you can generate a local policy module to allow this access - see
>    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 - or you can
>    disable SELinux protection entirely for the application. Disabling SELinux
>    protection is not recommended. Please file a
>    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
>    Changing the "amanda_disable_trans" boolean to true will disable SELinux
>    protection this application: "setsebool -P amanda_disable_trans=1."
>
>    The following command will allow this access:
>    setsebool -P amanda_disable_trans=1
>
> Additional Information
>
> Source Context                user_u:system_r:amanda_t
> Target Context                system_u:object_r:ldap_port_t
> Target Objects                None [ tcp_socket ]
> Affected RPM Packages         amanda-client-2.5.0p2-4 [application]
> Policy RPM                    selinux-policy-2.4.6-30.el5
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.disable_trans
> Host Name                     opennms.gc.cuny.edu
> Platform                      Linux opennms.gc.cuny.edu 2.6.18-8.1.15.el5 #1 
> SMP
>                              Mon Oct 22 08:32:04 EDT 2007 i686 i686
> Alert Count                   550
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { name_connect } for comm="amandad" dest=389 egid=6 euid=1003
> exe="/usr/lib/amanda/amandad" exit=-13 fsgid=6 fsuid=1003 gid=6 items=0 
> pid=7014
> scontext=user_u:system_r:amanda_t:s0 sgid=6 subj=user_u:system_r:amanda_t:s0
> suid=1003 tclass=tcp_socket tcontext=system_u:object_r:ldap_port_t:s0 
> tty=(none)
> uid=1003
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NFS mount tar incremental problem, Jordan Desroches
Next by Date:  Re: NFS mount tar incremental problem, Dustin J. Mitchell
Previous by Thread:  Re: Attempted upgrade to Amanda 2.5.0: hangs in amcheck, FL
Next by Thread:  Re: Attempted upgrade to Amanda 2.5.0: hangs in amcheck, Dustin J. Mitchell
Indexes:  [Date] [Thread] [Top] [All Lists]