https://bugzilla.redhat.com/show_bug.cgi?id=1036780
Bug ID: 1036780
Summary: rabbitmq-server wrapper script drops arguments
Product: Fedora
Version: rawhide
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: rhbugs(a)rbu.sh
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
The wrapper script /usr/sbin/rabbitmqctl drops all arguments to the command in
certain cases, for example when the calling user is not root.
I am running a rabbitmq node as a local user (for development) as a regular
user, outside of /var. This works fine, however the Fedora-specific wrapper to
"rabbitmqctl" will obscure access to the rabbitmqctl script. It took me quite a
while to debug what was happening, until I found out the command is really a
wrapper whose sole purpose is munging arguments -- and it does it wrong.
Version-Release number of selected component (if applicable):
I am on 3.1.5-1.fc19 but I see the same bug in rawhide.
How reproducible:
Always.
Steps to Reproduce:
1. Be non-root / non-rabbitmq user
2. Run rabbitmqctl status
Actual results:
Error: could not recognise command
Usage:
rabbitmqctl [-n <node>] [-q] <command> [<command options>]
...
Expected results:
Status of node rabbit@localhost ...
[{pid,1234},...
Additional info:
The warning "Only root or rabbitmq should run" should really be "Only root or
rabbitmq must run", as currently it makes it impossible for anyone else.
However, this is not true, as any user *can* run rabbitmq.
Furthermore, users in the rabbitmq group should be able to run management
commands, given the correct parameters.
Lastly, the "rabbitmq-plugins" case looks fishy too, as it allows anyone to run
the rabbitmq-plugins command, and makes the first line obsolete.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1027085
Bug ID: 1027085
Summary: erlang-riaknostic-1.2.0 is available
Product: Fedora
Version: rawhide
Component: erlang-riaknostic
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 1.2.0
Current version/release in Fedora Rawhide: 1.1.0-1.fc20
URL: https://api.github.com/repos/basho/riaknostic/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=1028657
Bug ID: 1028657
Summary: couchdb should also be usable under normal users
Product: Fedora
Version: rawhide
Component: couchdb
Assignee: lemenkov(a)gmail.com
Reporter: cickumqt(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
1. Running under normal user:
[rpmaker@fab fedpkg]$ couchdb
Apache CouchDB 1.3.1 (LogLevel=info) is starting.
Error opening log file /var/log/couchdb/couch.log: permission denied{"init
terminating in
do_boot",{{badmatch,{error,{bad_return,{{couch_app,start,[normal,["/etc/couchdb/default.ini","/etc/couchdb/local.ini"]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,couch_primary_services,{shutdown,{failed_to_start_child,couch_log,{error,"permission
denied","/var/log/couchdb/couch.log"}}}}}}},[{couch_server_sup,start_server,1,[{file,"couch_server_sup.erl"},{line,98}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,269}]}]}}}}}},[{couch,start,0,[{file,"couch.erl"},{line,18}]},{init,start_it,1,[]},{init,start_em,1,[]}]}}
2. Running under root:
[root@fab fedpkg]# couchdb
Apache CouchDB 1.3.1 (LogLevel=info) is starting.
Apache CouchDB has started. Time to relax.
[info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
I don't know why this happened, but I think there might be some dirs/files
with incorrect permission settings.
https://bugzilla.redhat.com/show_bug.cgi?id=1027729
Bug ID: 1027729
Summary: erlang-folsom-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-folsom
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.7.4-2.fc20
URL: https://github.com/boundary/folsom/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=1027728
Bug ID: 1027728
Summary: erlang-bear-0.8.0 is available
Product: Fedora
Version: rawhide
Component: erlang-bear
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.8.0
Current version/release in Fedora Rawhide: 0.1.3-2.fc20
URL: https://github.com/boundary/bear/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=1059335
Bug ID: 1059335
Summary: CVE-2014-1693 erlang: erlang-inets: command injection
flaw in FTP module [epel-all]
Product: Fedora EPEL
Version: el6
Component: erlang
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, gemi(a)bluewin.ch,
rjones(a)redhat.com, skottler(a)redhat.com
Blocks: 1059331 (CVE-2014-1693)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora EPEL.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
[Bug 1059331] CVE-2014-1693 erlang-inets: command injection flaw in FTP
module
https://bugzilla.redhat.com/show_bug.cgi?id=1059333
Bug ID: 1059333
Summary: CVE-2014-1693 erlang: erlang-inets: command injection
flaw in FTP module [fedora-all]
Product: Fedora
Version: 20
Component: erlang
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lemenkov(a)gmail.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, skottler(a)redhat.com
Blocks: 1059331 (CVE-2014-1693)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
[Bug 1059331] CVE-2014-1693 erlang-inets: command injection flaw in FTP
module
https://bugzilla.redhat.com/show_bug.cgi?id=1036280
Bug ID: 1036280
Summary: selinux alerts about rabbitmq server ("access on the
tcp_socket")
Product: Fedora
Version: 20
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: pavel.nedr(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
I've seen a flood in journalctl from sealert about that error.
It begins at system startup (rabbitmq is enabled in systemctl).
There are a lot of error messages. They cause the "audispd[643]: queue is full -
dropping event" error :)
rabbitmq-server
noarch
3.1.5
1.fc20
$ sudo sealert -l 82db9030-74db-4e60-97ab-6aef447e582d
SELinux is preventing /usr/lib64/erlang/erts-5.10.3/bin/beam.smp from name_bind
access on the tcp_socket .
***** Plugin bind_ports (92.2 confidence) suggests ************************
If you want to allow /usr/lib64/erlang/erts-5.10.3/bin/beam.smp to bind to
network port 10097
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 10097
где PORT_TYPE может принимать значения: amqp_port_t, couchdb_port_t,
jabber_client_port_t, jabber_interserver_port_t.
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If вы хотите выполнить следующее: разрешить NIS
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Дополнительная документация на 'None' ман странице.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If вы считаете, что beam.smp следует разрешить доступ name_bind к tcp_socket
по умолчанию.
Then рекомендуется создать отчет об ошибке.
Чтобы разрешить доступ, можно создать локальный модуль политики.
Do
чтобы разрешить доступ, выполните:
# grep beam.smp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:rabbitmq_beam_t:s0
Target Context system_u:object_r:unreserved_port_t:s0
Target Objects [ tcp_socket ]
Source beam.smp
Source Path /usr/lib64/erlang/erts-5.10.3/bin/beam.smp
Port 10097
Host bb.lan
Source RPM Packages erlang-erts-R16B-02.7.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name bb.lan
Platform Linux bb.lan 3.11.9-300.fc20.x86_64 #1 SMP Wed Nov 20 22:23:25 UTC 2013 x86_64 x86_64
Alert Count 85
First Seen 2013-11-29 23:40:14 MSK
Last Seen 2013-11-30 15:01:23 MSK
Local ID 82db9030-74db-4e60-97ab-6aef447e582d
Raw Audit Messages
type=AVC msg=audit(1385809283.320:612): avc: denied { name_bind } for
pid=1897 comm="beam.smp" src=10097
scontext=system_u:system_r:rabbitmq_beam_t:s0
tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1385809283.320:612): arch=x86_64 syscall=bind success=no
exit=EACCES a0=12 a1=7fac88cfb900 a2=1c a3=a items=0 ppid=1 pid=1897
auid=4294967295 uid=989 gid=984 euid=989 suid=989 fsuid=989 egid=984 sgid=984
fsgid=984 ses=4294967295 tty=(none) comm=beam.smp
exe=/usr/lib64/erlang/erts-5.10.3/bin/beam.smp
subj=system_u:system_r:rabbitmq_beam_t:s0 key=(null)
Hash: beam.smp,rabbitmq_beam_t,unreserved_port_t,tcp_socket,name_bind
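Added example, not part of the bug report or of sealert/audit2allow: a small Python parser that collapses a flood of AVC denials like the one above into one finding per (command, source type, target type, class, permission), the same tuple sealert prints on its "Hash:" line. The function names are hypothetical; the first sample record is the one quoted in the report, rejoined onto one line, and the other two are constructed.

```python
import re

# First record: the AVC denial quoted in the report above, rejoined onto one line.
# Second and third records are constructed for this example.
SAMPLE_LOG = """\
type=AVC msg=audit(1385809283.320:612): avc:  denied  { name_bind } for  pid=1897 comm="beam.smp" src=10097 scontext=system_u:system_r:rabbitmq_beam_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1385809284.101:613): avc:  denied  { name_bind } for  pid=1897 comm="beam.smp" src=10098 scontext=system_u:system_r:rabbitmq_beam_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1385809284.101:613): arch=x86_64 syscall=bind success=no exit=EACCES comm=beam.smp
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("comm", "scontext", "tcontext", "tclass")

def ctx_type(context):
    """An SELinux context is user:role:type[:level]; return the type field."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line) if line.startswith("type=AVC") else None
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if any(k not in rec for k in REQUIRED):
        return None
    rec["perms"] = m.group("perms").split()
    rec["stype"] = ctx_type(rec["scontext"])
    rec["ttype"] = ctx_type(rec["tcontext"])
    return rec

def summarize(log_text):
    """Group denials by (comm, source type, target type, class, permission)."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (rec["comm"], rec["stype"], rec["ttype"], rec["tclass"], perm)
            entry = groups.setdefault(key, {"count": 0, "ports": set()})
            entry["count"] += 1
            if rec.get("src", "").isdigit():
                entry["ports"].add(int(rec["src"]))
    return groups

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_LOG).items():
        print(",".join(key), entry["count"], sorted(entry["ports"]))
```

The set of ports per group shows whether the denied binds hit one fixed port or many, which matters before labelling a single port with semanage as the bind_ports plugin suggests.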
https://bugzilla.redhat.com/show_bug.cgi?id=1033305
Bug ID: 1033305
Summary: rabbitmq-plugins is not in the default $PATH
Product: Fedora
Version: 19
Component: rabbitmq-server
Severity: low
Assignee: hubert.plociniczak(a)gmail.com
Reporter: johnhford(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
This program is used to, for instance, enable the http management console. In
the homebrew distribution, it's available in the default path.
In Fedora it's:
$ rpm -ql rabbitmq-server | grep bin/rabbitmq-plugins
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.5/sbin/rabbitmq-plugins
In the official distribution, it's in the default path:
$ curl -LO
http://www.rabbitmq.com/releases/rabbitmq-server/v3.2.1/rabbitmq-server-3.2…
$ rpm -qpl rabbitmq-server-3.2.1-1.noarch.rpm | grep bin/rabbitmq-plugin
warning: rabbitmq-server-3.2.1-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key
ID 056e8e56: NOKEY
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.2.1/sbin/rabbitmq-plugins
/usr/sbin/rabbitmq-plugins
How reproducible:
100%
Steps to Reproduce:
1. install rabbitmq-server
2. try to run "sudo rabbitmq-plugins enable rabbitmq_management"
Actual results:
Program not found in $PATH.
Expected results:
Program found in $PATH and can be run
https://bugzilla.redhat.com/show_bug.cgi?id=1059028
Bug ID: 1059028
Summary: rabbitmq restarts fail randomly
Product: Fedora
Version: 20
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: imcleod(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com,
skottler(a)redhat.com
Description of problem:
I originally encountered this issue when installing OpenStack via devstack but
have since been able to reproduce it by simply executing commands inside of a
fresh F20 install.
Version-Release number of selected component (if applicable):
rabbitmq-server-3.1.5-1.fc20.noarch
How reproducible:
Occurs regularly but not 100% of the time
Steps to Reproduce:
/sbin/service rabbitmq-server stop
/sbin/service rabbitmq-server start
rabbitmqctl change_password guest newpassword
Actual results:
About half the time, on a freshly installed F20, this will fail, claiming the
node cannot be contacted. A typical error message:
[root@cob-dell5 ~]# rabbitmqctl change_password guest ozrootpw
Changing password for user "guest" ...
Error: unable to connect to node 'rabbit@cob-dell5': nodedown
DIAGNOSTICS
===========
nodes in question: ['rabbit@cob-dell5']
hosts, their running nodes and ports:
- cob-dell5: [{rabbitmqctl2648,48609}]
current node details:
- node name: 'rabbitmqctl2648@cob-dell5'
- home dir: /var/lib/rabbitmq
- cookie hash: 8DNoVu56TqDYWypW7YXDJw==
Expected results:
Changing password for user "guest" ...
...done.