Hi all!
I don't religiously follow everything that pops up in the selinux
alerts, but now and then I go back and look at some of them.
(I'm on an up to date Centos-7).
Today I noted an error that seems to occur during a weekly raid check,
from /etc/cron.d.
the selinux alert is:
SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless.
so I go look at that file and find that it contains, down in the middle
of commands run, a series of errors:
2017-02-19 01:30:03 Relax-and-Recover 1.17.2 / Git
2017-02-19 01:30:03 Command line options: /usr/sbin/rear checklayout
2017-02-19 01:30:03 Including /etc/rear/os.conf
2017-02-19 01:30:03 Including conf/Linux-i386.conf
2017-02-19 01:30:03 Including conf/GNU/Linux.conf
2017-02-19 01:30:04 Including /etc/rear/local.conf
2017-02-19 01:30:04 Running 'init' stage
2017-02-19 01:30:04 Including init/default/01_set_drlm_env.sh
2017-02-19 01:30:04 Finished running 'init' stage in 0 seconds
2017-02-19 01:30:04 Using build area '/tmp/rear.oaWHSvnwNFddStm'
2017-02-19 01:30:04 Running checklayout workflow
2017-02-19 01:30:04 Running 'layout/precompare' stage
2017-02-19 01:30:04 Including layout/precompare/default/11_check_layout_file.sh
2017-02-19 01:30:04 Finished running 'layout/precompare' stage in 0 seconds
2017-02-19 01:30:04 Running 'layout/save' stage
2017-02-19 01:30:04 Including layout/save/GNU/Linux/10_create_layout_file.sh
2017-02-19 01:30:04 Creating disk layout
2017-02-19 01:30:04 Preparing layout directory.
2017-02-19 01:30:04 Including layout/save/GNU/Linux/15_save_diskbyid_mappings.sh
2017-02-19 01:30:05 Saved diskbyid_mappings
2017-02-19 01:30:05 Including layout/save/GNU/Linux/20_partition_layout.sh
2017-02-19 01:30:06 Saving disk partitions.
2017-02-19 01:30:08 Including layout/save/GNU/Linux/21_raid_layout.sh
2017-02-19 01:30:08 Saving Software RAID configuration.
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 44: let: sparedevices=-: syntax error: operand expected (error token is "-")
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 65: [: : integer expression expected
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 44: let: sparedevices=-: syntax error: operand expected (error token is "-")
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 65: [: : integer expression expected
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 44: let: sparedevices=-: syntax error: operand expected (error token is "-")
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 65: [: : integer expression expected
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 44: let: sparedevices=-: syntax error: operand expected (error token is "-")
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh: line 65: [: : integer expression expected
2017-02-19 01:30:09 Including layout/save/GNU/Linux/22_lvm_layout.sh
2017-02-19 01:30:09 Saving LVM layout.
2017-02-19 01:30:11 Including layout/save/GNU/Linux/23_filesystem_layout.sh
2017-02-19 01:30:11 Begin saving filesystem layout
2017-02-19 01:30:11 Saving filesystem layout (using the findmnt command).
2017-02-19 01:30:16 End saving filesystem layout
2017-02-19 01:30:16 Including layout/save/GNU/Linux/24_swaps_layout.sh
2017-02-19 01:30:16 Saving Swap information.
2017-02-19 01:30:16 Including layout/save/GNU/Linux/25_drbd_layout.sh
2017-02-19 01:30:16 Including layout/save/GNU/Linux/26_crypt_layout.sh
2017-02-19 01:30:16 Saving Encrypted volumes.
2017-02-19 01:30:16 Device Mapper name No not found in /dev/mapper.
2017-02-19 01:30:16 Including layout/save/GNU/Linux/27_hpraid_layout.sh
2017-02-19 01:30:16 Including layout/save/GNU/Linux/28_multipath_layout.sh
2017-02-19 01:30:16 Did not find multipath device No in the expected location.
2017-02-19 01:30:16 Including layout/save/default/30_list_dependencies.sh
2017-02-19 01:30:16 Including layout/save/default/31_autoexclude_usb.sh
2017-02-19 01:30:16 Including layout/save/default/31_include_exclude.sh
2017-02-19 01:30:16 Including layout/save/default/32_autoexclude.sh
2017-02-19 01:30:17 Disk /dev/sdb is not used by any mounted filesystem. Excluding.
2017-02-19 01:30:17 Disk /dev/sdc is not used by any mounted filesystem. Excluding.
2017-02-19 01:30:17 Including layout/save/default/33_remove_exclusions.sh
2017-02-19 01:30:17 Including layout/save/GNU/Linux/34_false_blacklisted.sh
2017-02-19 01:30:18 Including layout/save/default/34_generate_mountpoint_device.sh
2017-02-19 01:30:18 Including layout/save/GNU/Linux/35_copy_drbdtab.sh
2017-02-19 01:30:18 Including layout/save/default/40_check_backup_special_files.sh
2017-02-19 01:30:18 Including layout/save/default/45_check_bootloader_files.sh
2017-02-19 01:30:18 Including layout/save/default/45_check_network_files.sh
2017-02-19 01:30:18 Including layout/save/GNU/Linux/50_extract_vgcfg.sh
2017-02-19 01:30:18 Including layout/save/GNU/Linux/51_current_disk_usage.sh
2017-02-19 01:30:19 Including layout/save/default/60_snapshot_files.sh
2017-02-19 01:30:19 Finished running 'layout/save' stage in 15 seconds
2017-02-19 01:30:19 Running 'layout/compare' stage
2017-02-19 01:30:19 Including layout/compare/default/50_compare_layout.sh
2017-02-19 01:30:19 Disk layout is identical.
2017-02-19 01:30:19 Including layout/compare/default/51_compare_files.sh
2017-02-19 01:30:20 Finished running 'layout/compare' stage in 1 seconds
2017-02-19 01:30:20 Finished running checklayout workflow
2017-02-19 01:30:20 Running exit tasks.
2017-02-19 01:30:20 Finished in 18 seconds
2017-02-19 01:30:20 Removing build area /tmp/rear.oaWHSvnwNFddStm
2017-02-19 01:30:20 End of program reached
selinux says it prevent writes to this file. but the file was clearly
written to! Is selinux stupid enough to mistake shell errors as a
failure to write?
Also, in trying to figure out what those errors mean, I looked at
the file specified in the errors,
/usr/share/rear/layout/save/GNU/Linux/21_raid_layout.sh, where I find
line 44 and a couple above it read:
ndevices=$( grep "Raid Devices" $TMP_DIR/mdraid | tr -d " " | cut -d ":" -f "2")
totaldevices=$( grep "Total Devices" $TMP_DIR/mdraid | tr -d " " | cut -d ":" -f "2")
let sparedevices=$totaldevices-$ndevices
it appears that "ndevices" and "totaldevices" are both empty (not zero,
but empty) because the error report above says "-" isn't valid, which
would happen if those two variables were unpopulated.
At this point I haven't yet found out where those values come from...
(more to the point, I haven't yet figured out where TMP_DIR comes from)
If any of you know more than I (I've never seen this code before)
I'd appreciate a pointer, but I'll keep looking too.
In the meantime, my software raid seems to keep chugging along.
thanks in advance!
Fred
--
---- Fred Smith -- fredex(a)fcshome.stoneham.ma.us ----------------------------
Do you not know? Have you not heard?
The LORD is the everlasting God, the Creator of the ends of the earth.
He will not grow tired or weary, and his understanding no one can fathom.
----------------------------- Isaiah 40:28 (niv) -----------------------------