obsolete

FEDORA-2015-10087 created by gisburn 7 years ago for Fedora 22

=Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear kadmind starts").

This update has been submitted for testing by gisburn.

7 years ago

WFM

karma: +1

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/82078/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/82078/steps/runtask/logs/stdio (results are informative only)

User Icon lslebodn commented & provided feedback 7 years ago
karma

+1

User Icon pkis provided feedback 7 years ago
User Icon pkis commented & provided feedback 7 years ago
karma

There is something weird with /usr/sbin/_kadmind [root@fed22 ~]$ service kadmin start Redirecting to /bin/systemctl start kadmin.service Job for kadmin.service failed. See "systemctl status kadmin.service" and "journalctl -xe" for details. [root@fed22 ~]$ service kadmin status Redirecting to /bin/systemctl status kadmin.service ● kadmin.service - Kerberos 5 Password-changing and Administration Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2015-06-15 08:58:03 EDT; 7s ago Process: 2678 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=203/EXEC) Main PID: 1964 (code=exited, status=2) Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Starting Kerberos 5 Password-changing and Administration... Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[2678]: Failed at step EXEC spawning /usr/sbin/_kadmind: Exec format error Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: kadmin.service: control process exited, code=exited status=203 Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration. Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Unit kadmin.service entered failed state. Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: kadmin.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@fed22 ~]$ cat /usr/sbin/_kadmind admind=/usr/sbin/kadmind@test-f!/var/kerberos/krb5kdc/kpropd.acl@echo>$"Error. This appears to be a slave server, found kpropd.acl"@exit @ @test-x "$kadmind"$ @exit @exec "$kadmind"$"$@"$[root@fed22 ~]$ [root@fed22 ~]$ file /usr/sbin/_kadmind: /usr/sbin/_kadmind:: cannot open `/usr/sbin/_kadmind:' (No such file or directory) [root@fed22 ~]$ file /usr/sbin/_kadmind /usr/sbin/_kadmind: data [root@fed22 ~]$ ls -l /usr/sbin/_kadmind -rwxr-xr-x. 1 root root 247 Jun 2 21:29 /usr/sbin/_kadmind [root@fed22 ~]$ [root@fed22 ~]$ rm -rf /usr/sbin/_kadmind && yum -y reinstall krb5-server-1.13.2-2.fc22.x86_64.rpm Yum command has been deprecated, redirecting to '/usr/bin/dnf -y reinstall krb5-server-1.13.2-2.fc22.x86_64.rpm'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' Last metadata expiration check performed 0:20:20 ago on Mon Jun 15 08:38:15 2015. Dependencies resolved. ============================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================ Reinstalling: krb5-server x86_64 1.13.2-2.fc22 @commandline 918 k Transaction Summary ============================================================================================================================================ Total size: 918 k Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Reinstalling: krb5-server-1.13.2-2.fc22.x86_64 1/2 Erasing : krb5-server-1.13.2-2.fc22.x86_64 2/2 Verifying : krb5-server-1.13.2-2.fc22.x86_64 1/2 Verifying : krb5-server-1.13.2-2.fc22.x86_64 2/2 Reinstalled: krb5-server.x86_64 1.13.2-2.fc22 Complete! [root@fed22 ~]$ cat /usr/sbin/_kadmind @admind=/usr/sbin/kadmind@test-f!/var/kerberos/krb5kdc/kpropd.acl@echo>$"Error. This appears to be a slave server, found kpropd.acl"@exit @ @test-x "$kadmind"$ @exit5 @@exec "$kadmind"$"$@"$[root@fed22 ~]$ [root@fed22 ~]$

User Icon pkis commented & provided feedback 7 years ago
karma

There is something weird with /usr/sbin/_kadmind [root@fed22 ~]$ service kadmin start Redirecting to /bin/systemctl start kadmin.service Job for kadmin.service failed. See "systemctl status kadmin.service" and "journalctl -xe" for details. [root@fed22 ~]$ service kadmin status Redirecting to /bin/systemctl status kadmin.service ● kadmin.service - Kerberos 5 Password-changing and Administration Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2015-06-15 08:58:03 EDT; 7s ago Process: 2678 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=203/EXEC) Main PID: 1964 (code=exited, status=2) Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Starting Kerberos 5 Password-changing and Administration... Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[2678]: Failed at step EXEC spawning /usr/sbin/_kadmind: Exec format error Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: kadmin.service: control process exited, code=exited status=203 Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration. Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: Unit kadmin.service entered failed state. Jun 15 08:58:03 hp-dl80gen9-01.khw.lab.eng.bos.redhat.com systemd[1]: kadmin.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@fed22 ~]$ cat /usr/sbin/_kadmind admind=/usr/sbin/kadmind test -f!/var/kerberos/krb5kdc/kpropd.acl echo >$"Error. This appears to be a slave server, found kpropd.acl" exit
test -x "$kadmind"$ @ exit exec "$kadmind"$"$@"$[root@fed22 ~]$ [root@fed22 ~]$ file /usr/sbin/_kadmind: /usr/sbin/_kadmind:: cannot open `/usr/sbin/_kadmind:' (No such file or directory) [root@fed22 ~]$ file /usr/sbin/_kadmind /usr/sbin/_kadmind: data [root@fed22 ~]$ ls -l /usr/sbin/_kadmind -rwxr-xr-x. 1 root root 247 Jun 2 21:29 /usr/sbin/_kadmind [root@fed22 ~]$ [root@fed22 ~]$ rm -rf /usr/sbin/_kadmind && yum -y reinstall krb5-server-1.13.2-2.fc22.x86_64.rpm Yum command has been deprecated, redirecting to '/usr/bin/dnf -y reinstall krb5-server-1.13.2-2.fc22.x86_64.rpm'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' Last metadata expiration check performed 0:20:20 ago on Mon Jun 15 08:38:15 2015. Dependencies resolved. ============================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================ Reinstalling: krb5-server x86_64 1.13.2-2.fc22 @commandline 918 k Transaction Summary ============================================================================================================================================ Total size: 918 k Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Reinstalling: krb5-server-1.13.2-2.fc22.x86_64 1/2 Erasing : krb5-server-1.13.2-2.fc22.x86_64 2/2 Verifying : krb5-server-1.13.2-2.fc22.x86_64 1/2 Verifying : krb5-server-1.13.2-2.fc22.x86_64 2/2 Reinstalled: krb5-server.x86_64 1.13.2-2.fc22 Complete! [root@fed22 ~]$ cat /usr/sbin/_kadmind @?kadmind=/usr/sbin/kadmind test -f!/var/kerberos/krb5kdc/kpropd.acl echo >$"Error. This appears to be a slave server, found kpropd.acl" exit
test -x "$kadmind"$ @ exit exec "$kadmind"$"$@"$[root@fed22 ~]$ [root@fed22 ~]$

This update is currently being pushed to the Fedora 22 testing updates repository.

7 years ago
User Icon nphilipp provided feedback 7 years ago
karma
User Icon besser82 commented & provided feedback 7 years ago
karma

Cannot confirm pkis findings. LGTM =)

Critical path update approved

7 years ago
User Icon adelton commented & provided feedback 7 years ago
karma

/usr/sbin/_kadmind -bash: /usr/sbin/_kadmind: cannot execute binary file:

Exec format error

User Icon adelton commented & provided feedback 7 years ago
karma

This update has been pushed to testing

7 years ago
User Icon pvoborni commented & provided feedback 7 years ago
karma

experiencing bug 1231834 as well. It breaks ipa-server-install.


Please login to add feedback.

Metadata
Type
bugfix
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
BZ#1227542 [SELinux] AVC denials may appear when kadmind starts
0
0

Automated Test Results