snapd from 'write' accesses on the directory dconf.

July 11, 2019, 7:54 am

≫ Next: 0016262: Packages installation fails from buildlogs repos

≪ Previous: 0016260: Users in git.centos.org can't delete their own forks

Description of problem: removed with snap SELinux is preventing /usr/libexec/snapd/snapd from 'write' accesses on the directory dconf. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that snapd should be allowed write access on the dconf directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'snapd' --raw | audit2allow -M my-snapd # semodule -i my-snapd.pp Additional Information: Source Context system_u:system_r:snappy_t:s0 Target Context unconfined_u:object_r:config_home_t:s0 Target Objects dconf [ dir ] Source snapd Source Path /usr/libexec/snapd/snapd Port <Unknown> Host (removed) Source RPM Packages snapd-2.39.2-1.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2019-07-11 17:51:52 EEST Last Seen 2019-07-11 17:51:52 EEST Local ID 79b2edc9-5441-421a-bf11-7709fca4085a Raw Audit Messages type=AVC msg=audit(1562856712.628:4460): avc: denied { write } for pid=8269 comm="snapd" name="dconf" dev="tmpfs" ino=155355 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1562856712.628:4460): avc: denied { remove_name } for pid=8269 comm="snapd" name="user" dev="tmpfs" ino=155356 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir permissive=1 type=SYSCALL msg=audit(1562856712.628:4460): arch=x86_64 syscall=unlinkat success=yes exit=0 a0=ffffffffffffff9c a1=c0005d5080 a2=0 a3=0 items=0 ppid=1 pid=8269 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=snapd exe=/usr/libexec/snapd/snapd subj=system_u:system_r:snappy_t:s0 key=(null) Hash: snapd,snappy_t,config_home_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.12.noarch

↧

0016262: Packages installation fails from buildlogs repos

July 11, 2019, 10:10 am

≫ Next: 0016263: Access to Fedora CoreOS Jenkins Instance

≪ Previous: 0016261: SELinux is preventing /usr/libexec/snapd/snapd from 'write' accesses on the directory dconf.

When installing packages from different buildlogs repos, in some cases (not every installation, but a high percentage) fails with "Error 302 - Maximum (5) redirects followed " Examples: From: <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/</a> (mapped to cloud7-openstack-queens-testing), Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: mariadb-server-galera x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 41 k Installing for dependencies: mariadb x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 6.3 M mariadb-common x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 62 k mariadb-errmsg x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 199 k mariadb-libs x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 643 k mariadb-server x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 19 M perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-DBD-MySQL x86_64 4.023-6.el7 base 140 k perl-DBI x86_64 1.627-4.el7 base 802 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-PlRPC noarch 0.2020-14.el7 base 36 k socat x86_64 1.7.3.2-2.el7 base 290 k Transaction Summary =================================================================================================================================================================================================================== Install 1 Package (+14 Dependent packages) Total download size: 28 M Installed size: 142 M Is this ok [y/d/N]: y Downloading packages: (1/15): mariadb-10.1.20-2.el7.x86_64.rpm | 6.3 MB 00:00:00 (2/15): mariadb-errmsg-10.1.20-2.el7.x86_64.rpm | 199 kB 00:00:00 (3/15): mariadb-libs-10.1.20-2.el7.x86_64.rpm | 643 kB 00:00:00 (4/15): mariadb-server-10.1.20-2.el7.x86_64.rpm | 19 MB 00:00:00 (5/15): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm | 32 kB 00:00:00 (6/15): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm | 57 kB 00:00:00 (7/15): perl-Data-Dumper-2.145-3.el7.x86_64.rpm | 47 kB 00:00:00 (8/15): perl-IO-Compress-2.061-2.el7.noarch.rpm | 260 kB 00:00:00 (9/15): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00:00 (10/15): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00:00 (11/15): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00:00 (12/15): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:00 (13/15): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00 mariadb-common-10.1.20-2.el7.x FAILED <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-common-10.1.20-2.el7.x86_64.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-common-10.1.20-2.el7.x86_64.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA Trying other mirror. mariadb-server-galera-10.1.20- FAILED <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-server-galera-10.1.20-2.el7.x86_64.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-server-galera-10.1.20-2.el7.x86_64.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA Trying other mirror. Error downloading packages: 3:mariadb-server-galera-10.1.20-2.el7.x86_64: [Errno 256] No more mirrors to try. 3:mariadb-common-10.1.20-2.el7.x86_64: [Errno 256] No more mirrors to try. From <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/</a> # yumdownloader GitPython Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile * base: centos-distro.cavecreek.net * centos-ceph-nautilus: centos-distro.cavecreek.net * centos-nfs-ganesha28: mirror.sjc02.svwh.net * centos-qemu-ev: mirror.keystealth.org * extras: mirrors.usc.edu * updates: mirror.hostduplex.com GitPython-1.0.1-5.el7.noarch.r FAILED <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/GitPython-1.0.1-5.el7.noarch.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/GitPython-1.0.1-5.el7.noarch.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA Trying other mirror. GitPython-1.0.1-5.el7.noarch: [Errno 256] No more mirrors to try.

↧

0016263: Access to Fedora CoreOS Jenkins Instance

July 11, 2019, 11:35 am

≫ Next: 0016242: SMB/CIFS server connection stalls accessing files using kernel-3.10.0-957.21.3.el7

≪ Previous: 0016262: Packages installation fails from buildlogs repos

Hi, I work on the Fedora CoreOS project and need access granted on my account (my apps.ci.centos.org account name is also slowrie) for this server (<a href="https://jenkins-fedora-coreos.apps.ci.centos.org">https://jenkins-fedora-coreos.apps.ci.centos.org</a>). Thanks, --Stephen

↧

0016242: SMB/CIFS server connection stalls accessing files using kernel-3.10.0-957.21.3.el7

July 11, 2019, 2:03 pm

≫ Next: 0016131: CentOS7 AWS Marketplace AMI only supports some of the x1e class of instances.

≪ Previous: 0016263: Access to Fedora CoreOS Jenkins Instance

When accessing files on a SMB share on a CentOS server running kernel 3.10.0-957.21.3.el7 the connection appears to stall. The client will hang and eventually log something along the line of: kernel: CIFS VFS: Server *** has not responded in 120 seconds. Reconnecting... kernel: CIFS VFS: Send error in read = -11 - The issue does not occur when the server is running an older kernel, including kernel-3.10.0-957.21.2.el7.x86_64. - Reliably triggered by reading several files (e.g. `grep "something" * -R` or `git status`) - Listing files does not appear to trigger the issue - Tested with fully patched CentOS 7 and Ubuntu 18.04 as clients

↧

0016131: CentOS7 AWS Marketplace AMI only supports some of the x1e class of instances.

July 11, 2019, 3:19 pm

≫ Next: 0016264: Add bgilbert to Fedora CoreOS projects

≪ Previous: 0016242: SMB/CIFS server connection stalls accessing files using kernel-3.10.0-957.21.3.el7

When attempting to spin up an x1e.xlarge in US-EAST-1 (N. Virginia) with the Centos Image listed here: <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1559154080727&sr=0-1&ref_=srh_res_product_title">https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1559154080727&sr=0-1&ref_=srh_res_product_title</a> you will be presented with an error.

↧

0016264: Add bgilbert to Fedora CoreOS projects

July 11, 2019, 3:55 pm

≫ Next: 0016265: kernel panics in fsnotify_connector_destroy_workfn/kmem_cache_free

≪ Previous: 0016131: CentOS7 AWS Marketplace AMI only supports some of the x1e class of instances.

Please add `bgilbert` to the `fedora-coreos` and `fedora-coreos-devel` projects. Thanks!

↧

0016265: kernel panics in fsnotify_connector_destroy_workfn/kmem_cache_free

July 11, 2019, 11:39 pm

≫ Next: 0016266: Please create user "lucab" on Openshift cluster, with access to projects "fedora-coreos" and "fedora-coreos-devel"

≪ Previous: 0016264: Add bgilbert to Fedora CoreOS projects

The kernel version is 3.10.0-862.el7.x86_64. We have k8s pods running on this, kubelet version 1.13.7. And quite ocassionally, we encountered kernel panic, like the following: [97056.631232] Workqueue: events_unbound fsnotify_connector_destroy_workfn [97056.632214] task: ffff95a43f6c8fd0 ti: ffff95a34e244000 task.ti: ffff95a34e244000 [97056.632827] RIP: 0010:[<ffffffff9d1f6663>] [<ffffffff9d1f6663>] kmem_cache_free+0x143/0x200 [97056.633493] RSP: 0018:ffff95a34e247de0 EFLAGS: 00010286 [97056.634485] RAX: ffffe3f4e8000000 RBX: ffff95a400000000 RCX: 0000000000000000 [97056.635527] RDX: ffffe3f4e8000000 RSI: ffff95a400000000 RDI: 0000000000000000 [97056.636575] RBP: ffff95a34e247df8 R08: ffffffff9dd420a0 R09: 000188d6db4a30a0 [97056.637234] R10: 000188d6db4a30a0 R11: 0000000000000005 R12: ffff959b75981800 [97056.638034] R13: ffff959b6f515400 R14: ffff959b7fd13e00 R15: 0000000000000200 [97056.639436] FS: 0000000000000000(0000) GS:ffff95a43fc80000(0000) knlGS:0000000000000000 [97056.640414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [97056.641488] CR2: 00000000000000b8 CR3: 000000095074c000 CR4: 00000000003607e0 [97056.642633] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [97056.643666] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [97056.644538] Call Trace: [97056.645264] [<ffffffff9d2624db>] fsnotify_connector_destroy_workfn+0x6b/0x80 [97056.646013] [<ffffffff9d0b2dff>] process_one_work+0x17f/0x440 [97056.646900] [<ffffffff9d0b3ac6>] worker_thread+0x126/0x3c0 [97056.647963] [<ffffffff9d0b39a0>] ? manage_workers.isra.24+0x2a0/0x2a0 [97056.648993] [<ffffffff9d0bae31>] kthread+0xd1/0xe0 [97056.650027] [<ffffffff9d0bad60>] ? insert_kthread_work+0x40/0x40 [97056.651071] [<ffffffff9d71f637>] ret_from_fork_nospec_begin+0x21/0x21 [97056.652111] [<ffffffff9d0bad60>] ? insert_kthread_work+0x40/0x40 [97056.652719] Code: 48 c1 e8 0c 48 c1 e0 06 48 03 05 e9 ad a4 00 48 8b 10 80 e6 80 0f 85 b4 00 00 00 48 89 c2 48 8b 7a 30 49 39 fc 0f 84 e0 fe ff ff <48> 8b 87 b8 00 00 00 48 85 c0 74 0a 4c 3b 60 20 0f 84 cd fe ff [97056.654656] RIP [<ffffffff9d1f6663>] kmem_cache_free+0x143/0x200 [97056.655325] RSP <ffff95a34e247de0> [97056.656012] CR2: 00000000000000b8 Noticed that there is similar issue reported against kernel 4.14, but not very confirmed if it is the same issue (<a href="http://lists-archives.com/linux-kernel/29098940-kernel-4-14-x-crash-around-fsnotify_mark_connector.html">http://lists-archives.com/linux-kernel/29098940-kernel-4-14-x-crash-around-fsnotify_mark_connector.html</a>) Hope to know if anyone has any idea on how this occurs,

↧

0016266: Please create user "lucab" on Openshift cluster, with access to projects "fedora-coreos" and "fedora-coreos-devel"

July 12, 2019, 8:30 am

≫ Next: 0016267: SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process.

≪ Previous: 0016265: kernel panics in fsnotify_connector_destroy_workfn/kmem_cache_free

Hi, as part of Fedora CoreOS development I'd like to get access to <a href="https://jenkins-fedora-coreos.apps.ci.centos.org">https://jenkins-fedora-coreos.apps.ci.centos.org.</a> As such, I'm requesting a new user to be created on the Openshift cluster, with proper RBAC for accessing Fedora CoreOS resources. Requested username: lucab Projects access: * fedora-coreos * fedora-coreos-devel I can be reached over GPG at <a href="mailto:luca.bruno@coreos.com">luca.bruno@coreos.com</a>. My key is on keyservers, fingerprint is 4C8413AA38176150A8906994BB1A3A854F3BBEBF. My sponsor is jlebon, which should be chiming in here soon.

↧

0016267: SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process.

July 12, 2019, 2:07 pm

≫ Next: 0015141: on reboot after initial creation attempting to start VDO crashes system

≪ Previous: 0016266: Please create user "lucab" on Openshift cluster, with access to projects "fedora-coreos" and "fedora-coreos-devel"

Description of problem: SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sshd should be allowed signull access on processes labeled unconfined_service_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sshd' --raw | audit2allow -M my-sshd # semodule -i my-sshd.pp Additional Information: Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ process ] Source sshd Source Path /usr/sbin/sshd Port <Unknown> Host (removed) Source RPM Packages openssh-server-7.4p1-16.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 Alert Count 4 First Seen 2019-06-28 16:00:56 PDT Last Seen 2019-06-28 16:04:00 PDT Local ID 4c78ad3f-e2f8-44a4-8ae3-3ea759cf0146 Raw Audit Messages type=AVC msg=audit(1561763040.671:280): avc: denied { signull } for pid=36999 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=0 type=SYSCALL msg=audit(1561763040.671:280): arch=x86_64 syscall=kill success=no exit=EACCES a0=8d8c a1=0 a2=b a3=6 items=0 ppid=23644 pid=36999 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) Hash: sshd,sshd_t,unconfined_service_t,process,signull Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.12.noarch

↧

0015141: on reboot after initial creation attempting to start VDO crashes system

July 12, 2019, 3:54 pm

≫ Next: 0016268: [abrt] firefox: in(): firefox killed by SIGSEGV

≪ Previous: 0016267: SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process.

After creating a vdo device for dedup/compression and using it, any system reboot after that the device being mounted (automatically or manually) will cause a system abend. Tried two hardware platforms. Lenovo TinyPC 710 with USB storage, and Lenovo TD with LSI Megaraid. able to reproduce now attempting 5 times, every time, same error message.

↧

0016268: [abrt] firefox: in(): firefox killed by SIGSEGV

July 13, 2019, 3:05 am

≫ Next: 0016269: [abrt] firefox: pthread_cond_wait@@GLIBC_2.3.2(): firefox killed by SIGSEGV

≪ Previous: 0015141: on reboot after initial creation attempting to start VDO crashes system

Description of problem: Version-Release number of selected component: firefox-60.7.0-1.el7.centos Truncated backtrace: Thread no. 38 (1 frames) #0 0x00002ad50d35220d in at /usr/lib64/libc.so.6

↧

0016269: [abrt] firefox: pthread_cond_wait@@GLIBC_2.3.2(): firefox killed by SIGSEGV

July 13, 2019, 3:12 am

≫ Next: 0016244: [abrt] kernel: WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0

≪ Previous: 0016268: [abrt] firefox: in(): firefox killed by SIGSEGV

Description of problem: Version-Release number of selected component: firefox-60.7.2-1.el7.centos Truncated backtrace: Thread no. 40 (3 frames) #0 pthread_cond_wait@@GLIBC_2.3.2 at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 mozilla::detail::ConditionVariableImpl::wait(mozilla::detail::MutexImpl&) #2 mozilla::image::AnimationSurfaceProvider::Run() at /usr/lib64/firefox/libxul.so

↧

0016244: [abrt] kernel: WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0

July 13, 2019, 9:17 am

≫ Next: 0016270: When running groupinstall RT for cern repo there is a conflict in tuned versions.

≪ Previous: 0016269: [abrt] firefox: pthread_cond_wait@@GLIBC_2.3.2(): firefox killed by SIGSEGV

Description of problem: The problem occurred just after having switched on the laptop. Version-Release number of selected component: kernel Truncated backtrace: WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0 Device: thunderbolt#0120:2: non switch port without a PHY Modules linked in: tcp_lp fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink nls_utf8 cifs ccm dns_resolver ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bnep sunrpc iTCO_wdt iTCO_vendor_support mei_wdt intel_wmi_thunderbolt arc4 vfat iwlmvm fat intel_pmc_core intel_powerclamp coretemp intel_rapl mac80211 kvm irqbypass crc32_pclmul ghash_clmulni_intel snd_hda_codec_hdmi aesni_intel lrw gf128mul glue_helper ablk_helper snd_hda_codec_conexant cryptd snd_hda_codec_generic snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc iwlwifi snd_soc_acpi snd_soc_core snd_compress snd_hda_intel snd_hda_codec pcspkr snd_hda_core snd_hwdep snd_seq snd_seq_device btusb btrtl btbcm btintel snd_pcm bluetooth cfg80211 rtsx_pci_ms i2c_i801 uvcvideo snd_timer memstick videobuf2_vmalloc videobuf2_memops videobuf2_core joydev videodev mei_me mei hid_sensor_accel_3d hid_sensor_magn_3d hid_sensor_gyro_3d hid_sensor_rotation hid_sensor_als hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer idma64 virt_dma i2c_designware_platform i2c_designware_core thinkpad_acpi snd soundcore rfkill pinctrl_sunrisepoint pinctrl_intel wmi tpm_crb acpi_pad sch_fq_codel ip_tables xfs libcrc32c rtsx_pci_sdmmc mmc_core hid_wacom hid_sensor_custom i915 crct10dif_pclmul crct10dif_common crc32c_intel serio_raw nvme e1000e nvme_core rtsx_pci ptp pps_core i2c_algo_bit iosf_mbi drm_kms_helper syscopyarea i2c_hid sysfillrect video sysimgblt fb_sys_fops drm hid_sensor_hub drm_panel_orientation_quirks dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 58 Comm: kworker/u16:1 Kdump: loaded Not tainted 3.10.0-957.5.1.el7.x86_64 #1 Hardware name: LENOVO 20JHCTO1WW/20JHCTO1WW, BIOS R0HET39W (1.19 ) 09/29/2017 Workqueue: kacpi_hotplug acpi_hotplug_work_fn Call Trace: [<ffffffffab361e41>] dump_stack+0x19/0x1b [<ffffffffaac97688>] __warn+0xd8/0x100 [<ffffffffaac9770f>] warn_slowpath_fmt+0x5f/0x80 [<ffffffffab202e06>] tb_switch_add+0x6f6/0x7c0 [<ffffffffab202379>] ? tb_switch_alloc+0x409/0x560 [<ffffffffab208e76>] icm_start+0x56/0xb0 [<ffffffffab206867>] tb_domain_add+0xc7/0x110 [<ffffffffab1fc634>] nhi_probe+0x174/0x320 [<ffffffffaafc514a>] local_pci_probe+0x4a/0xb0 [<ffffffffaafc6889>] pci_device_probe+0x109/0x160 [<ffffffffab0a8905>] driver_probe_device+0xc5/0x3e0 [<ffffffffab0a8c20>] ? driver_probe_device+0x3e0/0x3e0 [<ffffffffab0a8c63>] __device_attach+0x43/0x50 [<ffffffffab0a6585>] bus_for_each_drv+0x75/0xc0 [<ffffffffab0a8740>] device_attach+0x90/0xb0 [<ffffffffaafba4ef>] pci_bus_add_device+0x4f/0xa0 [<ffffffffaafba579>] pci_bus_add_devices+0x39/0x80 [<ffffffffaafba5a7>] pci_bus_add_devices+0x67/0x80 [<ffffffffaafba5a7>] pci_bus_add_devices+0x67/0x80 [<ffffffffaafe2969>] enable_slot+0x239/0x4a0 [<ffffffffaafe1b88>] ? get_slot_status+0xa8/0x110 [<ffffffffaafe2cd7>] acpiphp_check_bridge.part.9+0x107/0x140 [<ffffffffaafe2f18>] acpiphp_hotplug_notify+0x138/0x210 [<ffffffffaafe2de0>] ? acpiphp_post_dock_fixup+0xd0/0xd0 [<ffffffffab00900e>] acpi_device_hotplug+0x3b7/0x41a [<ffffffffab0020d7>] acpi_hotplug_work_fn+0x1e/0x29 [<ffffffffaacb9d8f>] process_one_work+0x17f/0x440 [<ffffffffaacbae26>] worker_thread+0x126/0x3c0 [<ffffffffaacbad00>] ? manage_workers.isra.25+0x2a0/0x2a0 [<ffffffffaacc1c71>] kthread+0xd1/0xe0 [<ffffffffaacc1ba0>] ? insert_kthread_work+0x40/0x40 [<ffffffffab374c1d>] ret_from_fork_nospec_begin+0x7/0x21 [<ffffffffaacc1ba0>] ? insert_kthread_work+0x40/0x40

↧

0016270: When running groupinstall RT for cern repo there is a conflict in tuned versions.

July 15, 2019, 2:14 am

≫ Next: 0016271: The groupinstall RT with CERN repo doesn't allow to start the tuned realtime profile.

≪ Previous: 0016244: [abrt] kernel: WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0

When doing `groupinstall RT` from cern repo there is a conflict in tuned versions installed

↧

0016271: The groupinstall RT with CERN repo doesn't allow to start the tuned realtime profile.

July 15, 2019, 2:17 am

≫ Next: 0016253: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.

≪ Previous: 0016270: When running groupinstall RT for cern repo there is a conflict in tuned versions.

After installing the RT kernel with cern repo ` groupinstall RT` it's not possible to start the tuned realtime profile. ``` > tuned-adm profile realtime Cannot load profile 'realtime': Assertion 'isolated_cores are set' failed. ``` Workaround: edit the `/etc/tuned/realtime-variables.conf` to include: # Examples: isolated_cores=2,4-7 # isolated_cores=2-23 #

↧

0016253: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.

July 9, 2019, 7:43 am

≫ Next: 0016254: SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-1...

≪ Previous: 0016271: The groupinstall RT with CERN repo doesn't allow to start the tuned realtime profile.

Description of problem: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If you believe that ps should be allowed sys_ptrace access on cap_userns labeled mozilla_plugin_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ps' --raw | audit2allow -M my-ps # semodule -i my-ps.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Objects Unknown [ cap_userns ] Source ps Source Path ps Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.2.0-1.el7.elrepo.x86_64 #1 SMP Mon Jul 8 09:37:45 EDT 2019 x86_64 x86_64 Alert Count 6 First Seen 2019-07-09 11:06:31 -03 Last Seen 2019-07-09 11:06:31 -03 Local ID ec3a4a36-f319-46a3-9d7b-2cf222e91276 Raw Audit Messages type=AVC msg=audit(1562681191.381:237): avc: denied { sys_ptrace } for pid=5238 comm="ps" capability=19 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0 Hash: ps,mozilla_plugin_t,mozilla_plugin_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.12.noarch

↧

0016254: SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-1...

July 9, 2019, 11:26 am

≫ Next: 0016272: cups-pdf produces one single empty page regardless of input

≪ Previous: 0016253: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.

Description of problem: was installing the oracle grid, when it restarted without finishing the installation SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-141720/tcpdump_enp0s8.trc. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that tcpdump should be allowed ioctl access on the tcpdump_enp0s8.trc file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'tcpdump' --raw | audit2allow -M my-tcpdump # semodule -i my-tcpdump.pp Additional Information: Source Context system_u:system_r:netutils_t:s0 Target Context system_u:object_r:user_home_t:s0 Target Objects /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709- 141720/tcpdump_enp0s8.trc [ file ] Source tcpdump Source Path /usr/sbin/tcpdump Port <Unknown> Host (removed) Source RPM Packages tcpdump-4.9.2-3.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 Alert Count 851 First Seen 2019-07-09 11:29:51 EDT Last Seen 2019-07-09 14:17:21 EDT Local ID 3f4aaf9d-4e0e-49eb-895c-eb1e41c33373 Raw Audit Messages type=AVC msg=audit(1562696241.42:3547): avc: denied { ioctl } for pid=1605 comm="tcpdump" path="/home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-141720/tcpdump_enp0s8.trc" dev="dm-2" ino=102543772 ioctlcmd=5401 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1562696241.42:3547): arch=x86_64 syscall=ioctl success=no exit=EACCES a0=1 a1=5401 a2=7ffd87f87da0 a3=7ffd87f878a0 items=0 ppid=1594 pid=1605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=tcpdump exe=/usr/sbin/tcpdump subj=system_u:system_r:netutils_t:s0 key=(null) Hash: tcpdump,netutils_t,user_home_t,file,ioctl Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.12.noarch

↧

0016272: cups-pdf produces one single empty page regardless of input

July 16, 2019, 5:53 am

≫ Next: 0016273: libvirt OS detection falls back to Alpine on CentOS 7.6.1810 install disk

≪ Previous: 0016254: SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-1...

Trying to print various files: convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PS:- 2>>${LOG_FILE} | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF" | awk '{print $4}' 2>>${LOG_FILE} This sends the generated EPS directly to the printer CUPS-PDF. cups-pdf takes the input and then generates a one empty side printout. convert does its job: convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PS:output.ps generates a postscript file readable by gs or evince. Even: convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PDF:output.pdf works as expected. Now I could: # cat output.ps | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF" or # cat output.pdf | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF" both generate the "one-empty-page"-pdf seen above. While both files are viewable by gs or evince.

↧

0016273: libvirt OS detection falls back to Alpine on CentOS 7.6.1810 install disk

July 16, 2019, 10:47 am

≫ Next: 0016274: [abrt] totem: _g_log_abort(): totem-video-thumbnailer killed by SIGTRAP

≪ Previous: 0016272: cups-pdf produces one single empty page regardless of input

When installing a new VM through virt-manager connected to a CentOS 7 host, selecting a CentOS 7.6.1810 install disk auto-detects as Alpine Linux 3.8. Manually filling in "cent" gives choices only of CentOS 6.10 or "Generic default". Checking "Include end-of-life operating systems" allows me to select CentOS 7.0 but there are no later updates of CentOS 7.x listed. The virt hosts are fully-updated with latest versions of all packages as of earlier today.

↧

0016274: [abrt] totem: _g_log_abort(): totem-video-thumbnailer killed by SIGTRAP

July 16, 2019, 12:04 pm

≫ Next: 0016275: [abrt] httpd: httpd killed by SIGSEGV

≪ Previous: 0016273: libvirt OS detection falls back to Alpine on CentOS 7.6.1810 install disk

Description of problem: opening DNxHD .mov files in file browser. Version-Release number of selected component: totem-3.26.2-1.el7 Truncated backtrace: Thread no. 1 (10 frames) #0 _g_log_abort at gmessages.c:583 #1 g_log_default_handler at gmessages.c:3158 #4 g_malloc at gmem.c:104 #5 g_slice_alloc at gslice.c:1025 #6 _sysmem_new_block at gstallocator.c:416 #7 gst_buffer_new_allocate at gstbuffer.c:838 #8 video_buffer_pool_alloc at gstvideopool.c:247 #9 do_alloc_buffer at gstbufferpool.c:274 #10 default_acquire_buffer at gstbufferpool.c:1130 #11 gst_buffer_pool_acquire_buffer at gstbufferpool.c:1261

↧