[Bug 1036280] New: selinux alerts about rabbitmq server ("access on the tcp_socket")
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1036280
Bug ID: 1036280
Summary: selinux alerts about rabbitmq server ("access on the
tcp_socket")
Product: Fedora
Version: 20
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: pavel.nedr(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
I've seen flood in journalctl from SEalert about that error.
It begins from startup of the system (rabbitmq is enabled in systemctl)
There is a lot of error messages. They causes "audispd[643]: queue is full -
dropping event" error :)
rabbitmq-server
noarch
3.1.5
1.fc20
$ sudo sealert -l 82db9030-74db-4e60-97ab-6aef447e582d
SELinux is preventing /usr/lib64/erlang/erts-5.10.3/bin/beam.smp from name_bind
access on the tcp_socket .
***** Plugin bind_ports (92.2 confidence) suggests ************************
If you want to allow /usr/lib64/erlang/erts-5.10.3/bin/beam.smp to bind to
network port 10097
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 10097
где PORT_TYPE может принимать значения: amqp_port_t, couchdb_port_t,
jabber_client_port_t, jabber_interserver_port_t.
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If вы хотите выполнить следующее: разрешить NIS
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Дополнительная документация на 'None' ман странице.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If вы считаете, что beam.smp следует разрешить доступ name_bind к tcp_socket
по умолчанию.
Then рекомендуется создать отчет об ошибке.
Чтобы разрешить доступ, можно создать локальный модуль политики.
Do
чтобы разрешить доступ, выполните:
# grep beam.smp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:rabbitmq_beam_t:s0
Target Context system_u:object_r:unreserved_port_t:s0
Target Objects [ tcp_socket ]
Source beam.smp
Source Path /usr/lib64/erlang/erts-5.10.3/bin/beam.smp
Port 10097
Host bb.lan
Source RPM Packages erlang-erts-R16B-02.7.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name bb.lan
Platform Linux bb.lan 3.11.9-300.fc20.x86_64 #1 SMP Wed
Nov
20 22:23:25 UTC 2013 x86_64 x86_64
Alert Count 85
First Seen 2013-11-29 23:40:14 MSK
Last Seen 2013-11-30 15:01:23 MSK
Local ID 82db9030-74db-4e60-97ab-6aef447e582d
Raw Audit Messages
type=AVC msg=audit(1385809283.320:612): avc: denied { name_bind } for
pid=1897 comm="beam.smp" src=10097
scontext=system_u:system_r:rabbitmq_beam_t:s0
tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1385809283.320:612): arch=x86_64 syscall=bind success=no
exit=EACCES a0=12 a1=7fac88cfb900 a2=1c a3=a items=0 ppid=1 pid=1897
auid=4294967295 uid=989 gid=984 euid=989 suid=989 fsuid=989 egid=984 sgid=984
fsgid=984 ses=4294967295 tty=(none) comm=beam.smp
exe=/usr/lib64/erlang/erts-5.10.3/bin/beam.smp
subj=system_u:system_r:rabbitmq_beam_t:s0 key=(null)
Hash: beam.smp,rabbitmq_beam_t,unreserved_port_t,tcp_socket,name_bind
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[Bug 1033305] New: rabbitmq-plugins is not in the default $PATH
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1033305
Bug ID: 1033305
Summary: rabbitmq-plugins is not in the default $PATH
Product: Fedora
Version: 19
Component: rabbitmq-server
Severity: low
Assignee: hubert.plociniczak(a)gmail.com
Reporter: johnhford(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
This program is used to, for instance, enable the http management console. In
the homebrew distribution, it's available in the default path.
In fedora it's:
$ rpm -ql rabbitmq-server | grep bin/rabbitmq-plugins
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.5/sbin/rabbitmq-plugins
In the official distribution, it's in the default path:
$ curl -LO
http://www.rabbitmq.com/releases/rabbitmq-server/v3.2.1/rabbitmq-server-3...
$ rpm -qpl rabbitmq-server-3.2.1-1.noarch.rpm | grep bin/rabbitmq-plugin
warning: rabbitmq-server-3.2.1-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key
ID 056e8e56: NOKEY
/usr/lib/rabbitmq/bin/rabbitmq-plugins
/usr/lib/rabbitmq/lib/rabbitmq_server-3.2.1/sbin/rabbitmq-plugins
/usr/sbin/rabbitmq-plugins
How reproducible:
100%
Steps to Reproduce:
1. install rabbitmq-server
2. try to run "sudo rabbitmq-plugins enable rabbitmq_management"
Actual results:
Program not found in $PATH.
Expected results:
Program found in $PATH and can be run
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 6 months
[Bug 1059028] New: rabbitmq restarts fail randomly
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1059028
Bug ID: 1059028
Summary: rabbitmq restarts fail randomly
Product: Fedora
Version: 20
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: imcleod(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com,
skottler(a)redhat.com
Description of problem:
I originally encountered this issue when installing OpenStack via devstack but
have since been able to reproduce it by simply executing commands inside of a
fresh F20 install.
Version-Release number of selected component (if applicable):
rabbitmq-server-3.1.5-1.fc20.noarch
How reproducible:
Occurs regularly but not 100% of the time
Steps to Reproduce:
/sbin/service rabbitmq-server stop
/sbin/service rabbitmq-server start
rabbitmqctl change_password guest newpassword
Actual results:
About half the time, on a freshly installed F20, this will fail, claiming the
node cannot be contacted. A typical error message:
[root@cob-dell5 ~]# rabbitmqctl change_password guest ozrootpw
Changing password for user "guest" ...
Error: unable to connect to node 'rabbit@cob-dell5': nodedown
DIAGNOSTICS
===========
nodes in question: ['rabbit@cob-dell5']
hosts, their running nodes and ports:
- cob-dell5: [{rabbitmqctl2648,48609}]
current node details:
- node name: 'rabbitmqctl2648@cob-dell5'
- home dir: /var/lib/rabbitmq
- cookie hash: 8DNoVu56TqDYWypW7YXDJw==
Expected results:
Changing password for user "guest" ...
...done.
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 7 months
[Bug 1117450] New: needs network-online.target instead of network.target
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1117450
Bug ID: 1117450
Summary: needs network-online.target instead of network.target
Product: Fedora
Version: 20
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: benfell(a)parts-unknown.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Description of problem: silently fails to open assigned interface
Version-Release number of selected component (if applicable): 2.1.13-7.fc20
How reproducible: 100%
Steps to Reproduce:
1. reboot system with ejabberd enabled
2.
3.
Actual results: systemctl sees ejabberd as having successfully started, but it
is inaccessible to clients.
Expected results: clients are able to connect to ejabberd
Additional info: This appears to be of similar origin to bug #116538 (postfix).
I am working around the problem with the following lines in ejabberd.service:
Requires=network-online.target
After=network-online.target
This problem also afflicts nsd, but nsd fails in a way that systemctl
recognizes and reports. To my knowledge, ejabberd, nsd, and postfix are the
only services affected on my server.
This is a server using static addresses. It does not use NetworkManager.
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 7 months
[Bug 1036359] New: ejabberd logs not reopened after rotation
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1036359
Bug ID: 1036359
Summary: ejabberd logs not reopened after rotation
Product: Fedora
Version: 20
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: redhat(a)subs.maneos.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Description of problem:
Version-Release number of selected component (if applicable):
ejabberd-2.1.13-7.fc20.x86_64
How reproducible:
Steps to Reproduce:
1. Make sure ejabberd is running and logrotate is enabled.
2. Wait until logrotate runs.
3. Check contents of /var/log/ejabberd/ejabberd.log.
Actual results:
0 size file that never gets updated.
Expected results:
File containing log entries for events as they occur.
Additional info:
/etc/logrotate.d/ejabberd is trying to run /usr/sbin/ejabberdctl, but
ejabberdctl is installed in /usr/bin now.
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 7 months
[Bug 1125105] New: erlang packages use libsystemd-daemon.so instead of the new libsystemd.so
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1125105
Bug ID: 1125105
Summary: erlang packages use libsystemd-daemon.so instead of
the new libsystemd.so
Product: Fedora
Version: 21
Component: erlang
Assignee: lemenkov(a)gmail.com
Reporter: zbyszek(a)in.waw.pl
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, s(a)shk.io
Description of problem:
Various erlang packages use '-lsystemd-daemon' but should switch to
'-lsystemd'.
This causes it to require systemd-compat-libs, containing systemd libraries
with historical names.
For longer explanation see
http://www.spinics.net/lists/fedora-devel/msg200853.html.
Version-Release number of selected component (if applicable):
erlang-asn1-R16B-03.7.fc21.x86_64
erlang-dialyzer-R16B-03.7.fc21.x86_64
erlang-erts-R16B-03.7.fc21.x86_64
erlang-runtime_tools-R16B-03.7.fc21.x86_64
erlang-tools-R16B-03.7.fc21.x86_64
erlang-typer-R16B-03.7.fc21.x86_64
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 8 months