https://bugzilla.redhat.com/show_bug.cgi?id=1036780
Bug ID: 1036780
Summary: rabbitmq-server wrapper script drops arguments
Product: Fedora
Version: rawhide
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: rhbugs(a)rbu.sh
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
the wrapper script /usr/sbin/rabbitmqctl drops all arguments to the command in
certain cases, for example when the calling user is not root.
I am running a rabbitmq node as a local user (for development) as a regular
user, outside of /var. This works fine, however the Fedora-specific wrapper to
"rabbitctl" will obscure access to the rabbitctl script. It took me quite a
while to debug what was happening, until I found out the command is really a
wrapper whose sole purpose is munging arguments -- and it does it wrong.
Version-Release number of selected component (if applicable):
I am on 3.1.5-1.fc19 but I see the same bug in rawhide.
How reproducible:
Always.
Steps to Reproduce:
1. Be non-root / non-rabbitmq user
2. Run rabbitmqctl status
Actual results:
Error: could not recognise command
Usage:
rabbitmqctl [-n <node>] [-q] <command> [<command options>]
...
Expected results:
Status of node rabbit@localhost ...
[{pid,1234},...
Additional info:
The warning "Only root or rabbitmq should run" should really be "Only root or
rabbitmq must run", as currently it makes it impossible for anyone else.
However, this is not true, as any user *can* run rabbitmq.
Furthermore, users in the rabbitmq group should be able to run management
commands, given the correct parameters.
Lastly, the "rabbitmq-plugins" case looks fishy too, as it allows anyone to run
the rabbitmq-plugins command, and makes the first line obsolete.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027085
Bug ID: 1027085
Summary: erlang-riaknostic-1.2.0 is available
Product: Fedora
Version: rawhide
Component: erlang-riaknostic
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 1.2.0
Current version/release in Fedora Rawhide: 1.1.0-1.fc20
URL: https://api.github.com/repos/basho/riaknostic/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1028657
Bug ID: 1028657
Summary: couchdb should also be usable under normal users
Product: Fedora
Version: rawhide
Component: couchdb
Assignee: lemenkov(a)gmail.com
Reporter: cickumqt(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
1. Running under normal user:
[rpmaker@fab fedpkg]$ couchdb
Apache CouchDB 1.3.1 (LogLevel=info) is starting.
Error opening log file /var/log/couchdb/couch.log: permission denied{"init
terminating in
do_boot",{{badmatch,{error,{bad_return,{{couch_app,start,[normal,["/etc/couchdb/default.ini","/etc/couchdb/local.ini"]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,couch_primary_services,{shutdown,{failed_to_start_child,couch_log,{error,"permission
denied","/var/log/couchdb/couch.log"}}}}}}},[{couch_server_sup,start_server,1,[{file,"couch_server_sup.erl"},{line,98}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,269}]}]}}}}}},[{couch,start,0,[{file,"couch.erl"},{line,18}]},{init,start_it,1,[]},{init,start_em,1,[]}]}}
2. Running under root:
[root@fab fedpkg]# couchdb
Apache CouchDB 1.3.1 (LogLevel=info) is starting.
Apache CouchDB has started. Time to relax.
[info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
I don't know why this happened, but I think there might have some dirs/files
are operated by incorrect permissions setting.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027729
Bug ID: 1027729
Summary: erlang-folsom-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-folsom
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.7.4-2.fc20
URL: https://github.com/boundary/folsom/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027728
Bug ID: 1027728
Summary: erlang-bear-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-bear
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.1.3-2.fc20
URL: https://github.com/boundary/bear/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1036280
Bug ID: 1036280
Summary: selinux alerts about rabbitmq server ("access on the
tcp_socket")
Product: Fedora
Version: 20
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: pavel.nedr(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
I've seen flood in journalctl from SEalert about that error.
It begins from startup of the system (rabbitmq is enabled in systemctl)
There is a lot of error messages. They causes "audispd[643]: queue is full -
dropping event" error :)
rabbitmq-server
noarch
3.1.5
1.fc20
$ sudo sealert -l 82db9030-74db-4e60-97ab-6aef447e582d
SELinux is preventing /usr/lib64/erlang/erts-5.10.3/bin/beam.smp from name_bind
access on the tcp_socket .
***** Plugin bind_ports (92.2 confidence) suggests ************************
If you want to allow /usr/lib64/erlang/erts-5.10.3/bin/beam.smp to bind to
network port 10097
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 10097
где PORT_TYPE может принимать значения: amqp_port_t, couchdb_port_t,
jabber_client_port_t, jabber_interserver_port_t.
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If вы хотите выполнить следующее: разрешить NIS
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Дополнительная документация на 'None' ман странице.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If вы считаете, что beam.smp следует разрешить доступ name_bind к tcp_socket
по умолчанию.
Then рекомендуется создать отчет об ошибке.
Чтобы разрешить доступ, можно создать локальный модуль политики.
Do
чтобы разрешить доступ, выполните:
# grep beam.smp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:rabbitmq_beam_t:s0
Target Context system_u:object_r:unreserved_port_t:s0
Target Objects [ tcp_socket ]
Source beam.smp
Source Path /usr/lib64/erlang/erts-5.10.3/bin/beam.smp
Port 10097
Host bb.lan
Source RPM Packages erlang-erts-R16B-02.7.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name bb.lan
Platform Linux bb.lan 3.11.9-300.fc20.x86_64 #1 SMP Wed
Nov
20 22:23:25 UTC 2013 x86_64 x86_64
Alert Count 85
First Seen 2013-11-29 23:40:14 MSK
Last Seen 2013-11-30 15:01:23 MSK
Local ID 82db9030-74db-4e60-97ab-6aef447e582d
Raw Audit Messages
type=AVC msg=audit(1385809283.320:612): avc: denied { name_bind } for
pid=1897 comm="beam.smp" src=10097
scontext=system_u:system_r:rabbitmq_beam_t:s0
tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1385809283.320:612): arch=x86_64 syscall=bind success=no
exit=EACCES a0=12 a1=7fac88cfb900 a2=1c a3=a items=0 ppid=1 pid=1897
auid=4294967295 uid=989 gid=984 euid=989 suid=989 fsuid=989 egid=984 sgid=984
fsgid=984 ses=4294967295 tty=(none) comm=beam.smp
exe=/usr/lib64/erlang/erts-5.10.3/bin/beam.smp
subj=system_u:system_r:rabbitmq_beam_t:s0 key=(null)
Hash: beam.smp,rabbitmq_beam_t,unreserved_port_t,tcp_socket,name_bind
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1033305
Bug ID: 1033305
Summary: rabbitmq-plugins is not in the default $PATH
Product: Fedora
Version: 19
Component: rabbitmq-server
Severity: low
Assignee: hubert.plociniczak(a)gmail.com
Reporter: johnhford(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
This program is used to, for instance, enable the http management console. In
the homebrew distribution, it's available in the default path.
In fedora it's:
$ rpm -ql rabbitmq-server | grep bin/rabbitmq-plugins
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.5/sbin/rabbitmq-plugins
In the official distribution, it's in the default path:
$ curl -LO
http://www.rabbitmq.com/releases/rabbitmq-server/v3.2.1/rabbitmq-server-3.2…
$ rpm -qpl rabbitmq-server-3.2.1-1.noarch.rpm | grep bin/rabbitmq-plugin
warning: rabbitmq-server-3.2.1-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key
ID 056e8e56: NOKEY
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.2.1/sbin/rabbitmq-plugins
/usr/sbin/rabbitmq-plugins
How reproducible:
100%
Steps to Reproduce:
1. install rabbitmq-server
2. try to run "sudo rabbitmq-plugins enable rabbitmq_management"
Actual results:
Program not found in $PATH.
Expected results:
Program found in $PATH and can be run
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1036359
Bug ID: 1036359
Summary: ejabberd logs not reopened after rotation
Product: Fedora
Version: 20
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: redhat(a)subs.maneos.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Description of problem:
Version-Release number of selected component (if applicable):
ejabberd-2.1.13-7.fc20.x86_64
How reproducible:
Steps to Reproduce:
1. Make sure ejabberd is running and logrotate is enabled.
2. Wait until logrotate runs.
3. Check contents of /var/log/ejabberd/ejabberd.log.
Actual results:
0 size file that never gets updated.
Expected results:
File containing log entries for events as they occur.
Additional info:
/etc/logrotate.d/ejabberd is trying to run /usr/sbin/ejabberdctl, but
ejabberdctl is installed in /usr/bin now.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1023017
Bug ID: 1023017
Summary: Restore ECC support in Erlang's crypto library
Product: Fedora
Version: rawhide
Component: erlang
Severity: high
Assignee: lemenkov(a)gmail.com
Reporter: lemenkov(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de
Right now ECC is disabled explicitly since it looks like Erlang's crypto
library assumes that it's either available fully or not. We've just enabled few
ECC curves so this confuses erlang-crypto and leads to a startup issue like
this:
=ERROR REPORT==== 24-Oct-2013::16:30:48 ===
Unable to load crypto library. Failed with error:
"load_failed, Failed to load NIF library:
'/usr/lib64/erlang/lib/crypto-3.1/priv/lib/crypto.so: undefined symbol:
EC_GROUP_new_curve_GF2m'"
OpenSSL might not be installed on this system.
We should patch crypto module to provide available ECC bits instead of
disabling it completely.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=COwcnn7Cu3&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1038314
Bug ID: 1038314
Summary: Cyclic dependencies: erlang and erlang-examples
Product: Fedora
Version: 19
Component: erlang
Assignee: lemenkov(a)gmail.com
Reporter: jakub.jedelsky(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de
Description of problem:
It is impossible to remove erlang package with /usr/bin/rpm command with
erlang-examples and vice versa. There are cyclic dependencies among these two
packages.
Version-Release number of selected component (if applicable):
erlang-R16B-02.3.fc19.x86_64
How reproducible:
always
Steps to Reproduce:
1. try to remove erlang
$ /usr/bin/rpm -e erlang
returns:
error: Failed dependencies:
erlang(x86-64) = R16B-02.3.fc19 is needed by (installed)
erlang-examples-R16B-02.3.fc19.x86_64
2. try to remove erlang-examples
$ /usr/bin/rpm -e erlang-examples
returns:
error: Failed dependencies:
erlang-examples(x86-64) = R16B-02.3.fc19 is needed by (installed)
erlang-R16B-02.3.fc19.x86_64
3. try to remove erlang
...
Actual results:
can't remove erlang without erlang-examples and vice versa
Expected results:
One of packages is possible to remove without any dependencies.
Additional info:
It's because of puppet, which removes packages through rpm command. There is no
problem with removing through yum.
--
You are receiving this mail because:
You are on the CC list for the bug.