[Bug 908856] New: nscd startup gives error messages: no persistent data file used
http://bugzilla.opensuse.org/show_bug.cgi?id=908856 Bug ID: 908856 Summary: nscd startup gives error messages: no persistent data file used Classification: openSUSE Product: openSUSE Factory Version: 201412* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: freek@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- In a fully updated Tumbleweed system, checking with the command "systemctl status -l nscd.service" there are 4 error messages (in Dutch): Dec 08 15:01:47 ltfctum nscd[910]: 910 kan /var/run/nscd/passwd niet aanmaken; geen persistent gegevensbestand gebruikt Dec 08 15:01:47 ltfctum nscd[910]: 910 kan /var/run/nscd/group niet aanmaken; geen persistent gegevensbestand gebruikt Dec 08 15:01:47 ltfctum nscd[910]: 910 kan /var/run/nscd/services niet aanmaken; geen persistent gegevensbestand gebruikt Dec 08 15:01:47 ltfctum nscd[910]: 910 kan /var/run/nscd/netgroup niet aanmaken; geen persistent gegevensbestand gebruikt Translated: 910 unable to create <file>; no persistant data file used -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
Bernhard Wiedemann
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
Freek de Kruijf
The AppArmor profile should already allow this since years (at least since 2011 for most files, 2013-03-05 for /var/run/nscd/netgroup), therefore I'd be surprised if this is really caused by AppArmor ;-)
Do you have any *.rpmnew files in /etc/apparmor.d/?
No.
Please also paste the output of rpm -V apparmor-profiles
No output, no error message.
If those hints don't solve the problem, please paste the nscd-related AppArmor messages from /var/log/audit/audit.log or, if you don't use auditd, from /var/log/messages.
I got the same messages as are seen when running systemctl status nscd.service: 2014-12-11T21:03:01.062074+01:00 eik132 nscd: 953 kan /var/run/nscd/passwd niet aanmaken; geen persistent gegevensbestand gebruikt 2014-12-11T21:03:01.085727+01:00 eik132 nscd: 953 kan /var/run/nscd/group niet aanmaken; geen persistent gegevensbestand gebruikt 2014-12-11T21:03:01.086438+01:00 eik132 nscd: 953 kan /var/run/nscd/services niet aanmaken; geen persistent gegevensbestand gebruikt 2014-12-11T21:03:01.093988+01:00 eik132 nscd: 953 kan /var/run/nscd/netgroup niet aanmaken; geen persistent gegevensbestand gebruikt My other report is about a Tumbleweed system, but the above answers are from my openSUSE 13.2 system. Below are the last 20 lines from "grep nscd /var/log/audit/audit.log" from the Tumbleweed system. type=PROCTITLE msg=audit(1418133529.292:44): proctitle="/usr/sbin/nscd" type=SERVICE_START msg=audit(1418133529.483:49): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="nscd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1418134055.342:159): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="nscd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=AVC msg=audit(1418143385.365:35): apparmor="STATUS" operation="profile_load" name="/usr/sbin/nscd" pid=949 comm="apparmor_parser" type=AVC msg=audit(1418143385.403:38): apparmor="STATUS" operation="profile_load" name="/etc/init.d/nscd" pid=961 comm="apparmor_parser" type=AVC msg=audit(1418143385.917:45): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/run/nscd/passwd" pid=985 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=SYSCALL msg=audit(1418143385.917:45): arch=c000003e syscall=2 success=no exit=-13 a0=7ff4f04f5668 a1=802c2 a2=180 a3=0 items=0 ppid=984 pid=985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" key=(null) type=PROCTITLE msg=audit(1418143385.917:45): proctitle="/usr/sbin/nscd" type=AVC msg=audit(1418143385.918:46): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/run/nscd/group" pid=985 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=SYSCALL msg=audit(1418143385.918:46): arch=c000003e syscall=2 success=no exit=-13 a0=7ff4f04f567d a1=802c2 a2=180 a3=22 items=0 ppid=984 pid=985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" key=(null) type=PROCTITLE msg=audit(1418143385.918:46): proctitle="/usr/sbin/nscd" type=AVC msg=audit(1418143385.918:47): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/run/nscd/services" pid=985 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=SYSCALL msg=audit(1418143385.918:47): arch=c000003e syscall=2 success=no exit=-13 a0=7ff4f04f56a5 a1=802c2 a2=180 a3=1 items=0 ppid=984 pid=985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" key=(null) type=PROCTITLE msg=audit(1418143385.918:47): proctitle="/usr/sbin/nscd" type=AVC msg=audit(1418143385.918:48): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/run/nscd/netgroup" pid=985 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=SYSCALL msg=audit(1418143385.918:48): arch=c000003e syscall=2 success=no exit=-13 a0=7ff4f04f56bc a1=802c2 a2=180 a3=22 items=0 ppid=984 pid=985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" key=(null) type=PROCTITLE msg=audit(1418143385.918:48): proctitle="/usr/sbin/nscd" type=SERVICE_START msg=audit(1418143386.158:53): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="nscd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1418144155.490:258): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="nscd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1418144155.490:259): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=' comm="nscd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
Christian Boltz
(In reply to Christian Boltz from comment #3)
The AppArmor profile should already allow this since years (at least since 2011 for most files, 2013-03-05 for /var/run/nscd/netgroup), therefore I'd be surprised if this is really caused by AppArmor ;-)
Do you have any *.rpmnew files in /etc/apparmor.d/?
No.
Good.
Please also paste the output of rpm -V apparmor-profiles
No output, no error message.
This means no files were modified. Also good.
Below are the last 20 lines from "grep nscd /var/log/audit/audit.log" from the Tumbleweed system.
type=AVC msg=audit(1418143385.917:45): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/run/nscd/passwd" pid=985 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Thanks for the audit.log! Indeed, AppArmor is blocking write access to /run/nscd/passwd here, while nscd gives a slightly misleading error message about /var/run/nscd/passwd :-/ This is fixed in the upstream profile (r2813), but not in the openSUSE package yet. AppArmor 2.9.1 will contain the fixed profile. If you want to update your nscd profile, here's the patch: === modified file 'profiles/apparmor.d/usr.sbin.nscd' --- profiles/apparmor.d/usr.sbin.nscd 2013-10-09 12:39:58 +0000 +++ profiles/apparmor.d/usr.sbin.nscd 2014-11-17 19:18:29 +0000 @@ -28,7 +28,7 @@ /{,var/}run/nscd/ rw, /{,var/}run/nscd/db* rwl, /{,var/}run/nscd/socket wl, - /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw, + /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, /{,var/}run/{nscd/,}nscd.pid rwl, /var/log/nscd.log rw, @{PROC}/@{pid}/fd/ r, -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
--- Comment #6 from Freek de Kruijf
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
--- Comment #7 from Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
--- Comment #8 from Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=908856
Christian Boltz
participants (1)
-
bugzilla_noreply@novell.com