Re: at program breaks with kernel 2.6.24
- From: serge@xxxxxxxxxx
- Date: Thu, 28 Feb 2008 08:54:00 -0600
Quoting BuraphaLinux Server (buraphalinuxserver@xxxxxxxxx):
Thank you for the patch to try. This patch works perfectly. Is it
safe to apply this to 2.6.24.3? I hope it is in 2.6.24.4
Hmm, in your 'uname -a' you showed 2.6.25-rc3. I used
roughly 2.6.25-rc3 on a fedora 8 system and at worked
fine. What distro are you using? Looks like debian - any
particular version? I'll have to try setting up another vm
(though I'm out of space... hmm) to test.
thanks,
-serge
--
On 2/28/08, serge@xxxxxxxxxx <serge@xxxxxxxxxx> wrote:
Quoting BuraphaLinux Server (buraphalinuxserver@xxxxxxxxx):
This is gmail which has broken line wrapping I cannot fix. Anyway, Iit's my fault,
did build the new kernel but it still does not work for me. I tried to
strace, but that didn't work for me either. This is as a non-root user
(and same 'at'/'atd' binaries work on 2.6.23.X):
bash-3.2$ at now
warning: commands will be executed using /bin/sh
at> echo "suid is busted"
at> <EOT>
job 4 at Thu Feb 28 02:16:00 2008
Can't signal atd (permission denied)
bash-3.2$ ls -ld $(which at)
-rws--x--x 1 daemon daemon 36468 Jan 11 15:37 /usr/bin/at
bash-3.2$ ps -ef | grep atd
daemon 2874 1 0 02:14 ? 00:00:00 /usr/sbin/atd -b 15 -l 1
bozo 3054 3049 0 02:16 pts/0 00:00:00 grep atd
bash-3.2$ ls -ld /var/spool/at*
drwxrwxrwt 2 daemon daemon 4096 Feb 28 02:16 /var/spool/atjobs
drwx------ 2 daemon daemon 4096 Feb 27 20:02 /var/spool/atspool
bash-3.2$ uname -a
Linux zappaman.cs.buu.ac.th 2.6.25-rc3 #1 SMP Thu Feb 28 01:29:46 ICT
2008 i686 pentium4 i386 GNU/Linux
bash-3.2$ strace -s 99999 -v -o /tmp/pain at now
warning: commands will be executed using /bin/sh
Cannot open lockfile /var/spool/atjobs/.SEQ: Permission denied
bash-3.2$ at now
warning: commands will be executed using /bin/sh
at> echo "hi"
at> <EOT>
job 7 at Thu Feb 28 02:19:00 2008
Can't signal atd (permission denied)
My kenrel .config is big, so it is attached so I don't get any cut and
paste error.
On 2/28/08, serge@xxxxxxxxxx <serge@xxxxxxxxxx> wrote:
Quoting BuraphaLinux Server (buraphalinuxserver@xxxxxxxxx):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463669
I have the same problem - it is not debian specific. Did the
semantics of kill() change with the new kernel? I thought as long as
something is setuid, even with capability stuff around the setuid
programs just get _all_ capabilities and would keep working.
I did a good search and found many people with the problem, but no
solutions except going back to 2.6.23.x kernels. I guess you'll flame
me, but at least include a link to the solution too.
Why would we flame you?
Because maybe I'm doing something stupid and didn't patch/rebuild
something when changing kernels like I should. I haven't had trouble
with at for many years of kernel changes, but 2.6.24 was the first
with the new security stuff and maybe I need to have some
capability-aware 'at' program?
I'll just apologize as I think
and ask you to please try the newest available kernel where I believe it
should be fixed.
Do I need to recompile glibc and the at software to adjust so some
kernel interface changes? Did the 'make oldconfig' generate some bad
config combination? As root it works, so I don't think the at or atd
are broken (but maybe they have to be patched for >2.6.23.X ?)
bash-3.2$ su - root
Password:
BLS #at now
warning: commands will be executed using /bin/sh
at> echo "uh-huh..."
at> <EOT>
job 8 at Thu Feb 28 02:30:00 2008
(and I checked and the job completes normally)
thanks,
-serge
Thank you for reading. Any ideas on what to try next?
I'm working on setting up something I can test this on better, but just
for good measure can you try the following patch? It should simply
prevent the extra signal checks from happening.
thanks,
-serge
From f48d28fe525652cb7321d5f545f9dcdfb3ce97d8 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@xxxxxxxxxx>
Date: Wed, 27 Feb 2008 20:53:47 +0000
Subject: [PATCH 1/1] file capabilities: get rid of cap_task_kill
This is just a test to not use cap_task_kill. We will see whether
this fixes the atd problem
Signed-off-by: Serge Hallyn <serge@xxxxxxxxxx>
---
include/linux/security.h | 2 +-
security/capability.c | 1 -
2 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index fe52cde..4c43914 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2138,7 +2138,7 @@ static inline int security_task_kill (struct
task_struct *p,
struct siginfo *info, int sig,
u32 secid)
{
- return cap_task_kill(p, info, sig, secid);
+ return 0;
}
static inline int security_task_wait (struct task_struct *p)
diff --git a/security/capability.c b/security/capability.c
index 9e99f36..2c6e06d 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -40,7 +40,6 @@ static struct security_operations capability_ops = {
.inode_need_killpriv = cap_inode_need_killpriv,
.inode_killpriv = cap_inode_killpriv,
- .task_kill = cap_task_kill,
.task_setscheduler = cap_task_setscheduler,
.task_setioprio = cap_task_setioprio,
.task_setnice = cap_task_setnice,
--
1.5.2.5
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- at program breaks with kernel 2.6.24
- From: BuraphaLinux Server
- Re: at program breaks with kernel 2.6.24
- From: serge
- Re: at program breaks with kernel 2.6.24
- From: BuraphaLinux Server
- Re: at program breaks with kernel 2.6.24
- From: serge
- Re: at program breaks with kernel 2.6.24
- From: BuraphaLinux Server
- at program breaks with kernel 2.6.24
- Prev by Date: Re: [Regression in 2.6.25-rcX] CD/DVD writer no longer works
- Next by Date: Re: [PATCH] [SSB] PCI core driver: use new SPROM data structure
- Previous by thread: Re: at program breaks with kernel 2.6.24
- Next by thread: Re: at program breaks with kernel 2.6.24
- Index(es):
Relevant Pages
|
