[Bug 1373887] New: Add systemd template services
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1373887
Bug ID: 1373887
Summary: Add systemd template services
Product: Fedora
Version: rawhide
Component: rabbitmq-server
Assignee: lemenkov(a)gmail.com
Reporter: karlthered(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rjones(a)redhat.com, s(a)shk.io
Created attachment 1198657
--> https://bugzilla.redhat.com/attachment.cgi?id=1198657&action=edit
Patch to spec file (needs more testing)
Description of problem:
Some OpenStack services require separate instances of RabbitMQ and shipping a
systemd template services would simplify that
Version-Release number of selected component (if applicable):
current
How reproducible:
N/A
Actual results:
Needs to write custom service file to run separate instances
Expected results:
Packages needing separate instance should just drop in their config files and
systemctl start rabbitmq@FOO to run separate instance of rabbitmq-server
Additional info:
About systemd template unit files:
https://fedoramagazine.org/systemd-template-unit-files/
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 10 months
[Bug 1363724] New: Fix rpmgrill issues
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1363724
Bug ID: 1363724
Summary: Fix rpmgrill issues
Product: Fedora
Version: rawhide
Component: ejabberd
Severity: medium
Assignee: lemenkov(a)gmail.com
Reporter: randy(a)electronsweatshop.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeremy(a)jcline.org,
lemenkov(a)gmail.com, martin(a)laptop.org,
randy(a)electronsweatshop.com
rpmgrill has reported some issues with ejabberd:
https://taskotron.fedoraproject.org/artifacts/all/256cc5f6-5975-11e6-bc33...
{
"package" : {
"name" : "ejabberd",
"release" : "1.fc25",
"version" : "16.06.1"
},
"results" : {
"timestamp" : 1470227116,
"tool" : "rpmgrill",
"version" : "0.01"
},
"tests" : [
{
"module" : "VirusCheck",
"order" : 2,
"results" : [],
"run_time" : 14,
"status" : "completed"
},
{
"module" : "SpecFileSanity",
"order" : 5,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "SpecFileEncoding",
"order" : 10,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "LibGather",
"order" : 12,
"results" : [],
"run_time" : 1,
"status" : "completed"
},
{
"module" : "ElfChecks",
"order" : 14,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "Patches",
"order" : 15,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"failure_code" : "rpmgrill: Error running strings: No such file or
directory at /usr/share/perl5/vendor_perl/RPM/Grill/Plugin/SecurityPolicy.pm
line 108.\n",
"module" : "SecurityPolicy",
"order" : 16,
"results" : [],
"run_time" : 0,
"status" : "failed"
},
{
"module" : "Multilib",
"order" : 20,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "Manifest",
"order" : 30,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "ManPages",
"order" : 45,
"results" : [
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for <tt>/etc/ejabberd/ejabberd.yml</tt>",
"subpackage" : "ejabberd"
},
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for
<tt>/etc/ejabberd/ejabberdctl.cfg</tt>",
"subpackage" : "ejabberd"
},
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for <tt>/etc/ejabberd/inetrc</tt>",
"subpackage" : "ejabberd"
},
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for <tt>/etc/logrotate.d/ejabberd</tt>",
"subpackage" : "ejabberd"
},
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for <tt>/etc/pam.d/ejabberd</tt>",
"subpackage" : "ejabberd"
},
{
"arch" : "armv7hl,i686,x86_64",
"code" : "ManPageMissing",
"diag" : "No man page for <tt>/etc/pam.d/ejabberdctl</tt>",
"subpackage" : "ejabberd"
}
],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "RpmScripts",
"order" : 90,
"results" : [
{
"arch" : "src",
"code" : "UseraddNoHomedir",
"context" : {
"excerpt" : [
"useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s
/sbin/nologin -M -c "ejabberd" %{name}"
],
"lineno" : 168,
"path" : "ejabberd.spec",
"sub" : "%pre"
},
"diag" : "Invocation of <tt>useradd</tt> without a home dir"
},
{
"arch" : "src",
"code" : "UseraddNoShell",
"context" : {
"excerpt" : [
"useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s
/sbin/nologin -M -c "ejabberd" %{name}"
],
"lineno" : 168,
"path" : "ejabberd.spec",
"sub" : "%pre"
},
"diag" : "Invocation of <tt>useradd</tt> without a login shell"
},
{
"arch" : "src",
"code" : "UseraddNoUid",
"context" : {
"excerpt" : [
"useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s
/sbin/nologin -M -c "ejabberd" %{name}"
],
"lineno" : 168,
"path" : "ejabberd.spec",
"sub" : "%pre"
},
"diag" : "Invocation of <tt>useradd</tt> without specifying a
UID; this may be OK, because /usr/share/doc/setup/uidgid defines no UID for
<var>%{name}</var>"
}
],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "Setxid",
"order" : 91,
"results" : [],
"run_time" : 1,
"status" : "completed"
},
{
"module" : "BuildLog",
"order" : 92,
"results" : [],
"run_time" : 0,
"status" : "completed"
},
{
"module" : "DesktopLint",
"order" : 93,
"results" : [],
"run_time" : 0,
"status" : "completed"
}
]
}
In particular, we should look at the useradd complaints, but also any of the
other reported issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 10 months
[Bug 1393649] New: ejabberd'
s unit file should not launch ejabberdctl with /usr/bin/bash
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1393649
Bug ID: 1393649
Summary: ejabberd's unit file should not launch ejabberdctl
with /usr/bin/bash
Product: Fedora
Version: rawhide
Component: ejabberd
Severity: medium
Assignee: lemenkov(a)gmail.com
Reporter: randy(a)electronsweatshop.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeremy(a)jcline.org,
lemenkov(a)gmail.com, martin(a)laptop.org,
randy(a)electronsweatshop.com
Depends On: 1393643
External Bug ID: Github processone/ejabberd/issues/1375
Description of problem:
Currently, ejabberdctl is launched by systemd with /usr/bin/bash instead of
being launched directly. This causes the process to run in the initrc_t context
which is very permissive. Instead, systemd should launch ejabberdctl directly.
However, there are two blockers to getting this change done and working, as we
get these AVC denials with this change in place:
type=AVC msg=audit(1478751171.862:648): avc: denied { write } for pid=2989
comm="async_2" name="ejabberd.pem" dev="dm-1" ino=44546
scontext=system_u:system_r:rabbitmq_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1478751171.863:649): avc: denied { write } for pid=2989
comm="async_2" name="ejabberd.pem" dev="dm-1" ino=44546
scontext=system_u:system_r:rabbitmq_t:s0
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1478751171.865:650): avc: denied { name_bind } for
pid=2986 comm="beam" src=5349 scontext=system_u:system_r:rabbitmq_t:s0
tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
I've filed a bug upstream to request that they stop trying to open the certfile
in write mode[0], and I've filed a bug against selinux-policy to request that
ejabberd be allowed to use tcp port 5349[1]. Once both of those bugs are fixed,
we can proceed with dropping /usr/bin/bash presuming that we don't then hit
further AVC denials (which could happen).
Version-Release number of selected component (if applicable):
ejabberd-16.08-2.fc25.x86_64
Additional info:
[0] https://github.com/processone/ejabberd/issues/1375
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1393643
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1393643
[Bug 1393643] ejabberd is not allowed to open tcp port 5349
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months
[Bug 1341252] New: ejabberd does not log to journald
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1341252
Bug ID: 1341252
Summary: ejabberd does not log to journald
Product: Fedora
Version: rawhide
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: jeremy(a)jcline.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeremy(a)jcline.org,
lemenkov(a)gmail.com, martin(a)laptop.org,
rbarlow(a)redhat.com
Created attachment 1163265
--> https://bugzilla.redhat.com/attachment.cgi?id=1163265&action=edit
Patch to ejabberd.service
Description of problem:
It'd be great if ejabberd logged to journald rather than /var/log/ejabberd/.
This can be achieved with a few small changes to the systemd unit file. I've
attached my proposed systemd unit file.
Version-Release number of selected component (if applicable):
All currently released versions.
Steps to Reproduce:
1. systemctl start ejabberd.service
2. journalctl -u ejabberd
3. :(
Actual results:
Logs are placed in /var/log/ejabberd
Expected results:
Logging is handled by journald
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 4 months