Project

General

Profile

Actions
Copy link

Bug #4527

open

Disable ABRT for websockify

Added by Lukas Zapletal almost 11 years ago. Updated almost 11 years ago.

Status:
Assigned
Priority:
Low
Assignee:
Lukas Zapletal
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Every single request when a VNC port is occupied Foreman spawns websockify.py processes and throws PortInUse exceptions until one free port is found.

The problem is on RHEL6 ABRT for Python is turned on by default, which leads to flood of messages in syslog when ABRT tries to audit the exception:

Mar  3 16:23:06 foreman abrtd: New client connected
Mar  3 16:23:06 foreman abrtd: Directory 'pyhook-2014-03-03-16:23:06-7956' creation detected
Mar  3 16:23:06 foreman abrt-server[7961]: Saved Python crash dump of pid 7956 to /var/spool/abrt/pyhook-2014-03-03-16:23:06-7956
Mar  3 16:23:06 foreman abrtd: Package 'foreman' isn't signed with proper key
Mar  3 16:23:06 foreman abrtd: 'post-create' on '/var/spool/abrt/pyhook-2014-03-03-16:23:06-7956' exited with 1

We should fix this upstream or disable ABRT for this particular binary (dunno how?)

I am going to implement a workaround when SELinux is turned on - it will prevent to contact the ABRT server. It will not work for non-SELinux installation tho.

Related issues 2 (0 open2 closed)

Related to SELinux - Feature #4569: Policy for websockifyClosedLukas Zapletal03/06/2014Actions
Related to Foreman - Feature #10703: Randomize websockify portClosedLukas Zapletal06/04/2015Actions
Actions
Copy link
 #1

Updated by Lukas Zapletal almost 11 years ago

Solution: mmilata advices to drop script full path to /etc/abrt/abrt-action-save-package-data into the section BlacklistedPaths using Augeas or DBus service.

Actions
Copy link
 #2

Updated by Lukas Zapletal almost 11 years ago

Correction of the configuration file: /etc/abrt/abrt-action-save-package-data.conf

Actions
Copy link
 #3

Updated by Lukas Zapletal almost 11 years ago

  • Project changed from SELinux to Installer
  • Subject changed from Websockify is not ABRT friendly to Disable ABRT for websockify
  • Status changed from Assigned to New
  • Assignee deleted (Lukas Zapletal)
  • Priority changed from Normal to Low

Ok I am moving this to the installer project, we can disable ABRT for given script because it pollutes syslog.

When SELinux is enabled it will prevent from passing exceptions to ABRT, but we should disable ABRT for users who do not use SELinux. Low priority.

Actions
Copy link
 #4

Updated by Lukas Zapletal almost 11 years ago

Actions
Copy link
 #5

Updated by Lukas Zapletal almost 11 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal

https://github.com/theforeman/foreman-selinux/pull/15

This might get refused, we will need to either blacklist the script or push fix upstream.

Actions
Copy link
 #6

Updated by Dominic Cleal almost 11 years ago

  • Status changed from Ready For Testing to Assigned
Actions
Copy link
 #7

Updated by Lukas Zapletal over 9 years ago

Actions
Copy link

Also available in: Atom PDF