[opensuse] Root receives "mount: permission denied"
On an xterm:

    nimrodel:~ # mount /mnt/test/
    mount: permission denied

On another xterm:

    nimrodel:~ # l /mnt/test/
    total 4
    drwxr-xr-x 4 root root 104 Nov 6 19:08 ./
    drwxr-xr-x 32 root root 4096 Nov 6 18:55 ../
    -rw-r--r-- 1 root root 0 Nov 6 19:08 algo
    nimrodel:~ # umount /mnt/test/
    nimrodel:~ #

If I open another xterm I get the same denied result. It only works on xterms or terminals opened two days ago, not on the ones I open now.

Why? I've never seen this.

    nimrodel:~ # grep /mnt/test /etc/fstab
    /Grande/imgs/testimage /mnt/test auto noauto,loop,ro 0 0

--
Cheers, Carlos E. R.
Carlos E. R. said the following on 11/06/2008 02:34 PM:
[...]
If I open another xterm I get the same denied result. It only works on xterms or terminals opened two days ago, not on the ones I open now.
Why? I've never seen this.
    nimrodel:~ # grep /mnt/test /etc/fstab
    /Grande/imgs/testimage /mnt/test auto noauto,loop,ro 0 0

I can think of many possible reasons, but try this as a first step in the diagnostic.

Run 'env' from both kinds of terminals, ones that can and can't mount, output to temp files and do a diff. You're not specifying an explicit loop device - maybe something in the environment is affecting that.

It is possible, for example, that one set of xterms can reference a keyring.

I also see you have a root shell. Is this a real root shell in all cases or have you su'd to root in some cases and not others?

--
Don't think you are going to conceal thoughts by concealing evidence that they ever existed. Dwight D. Eisenhower, speech at Dartmouth College, June 14, 1953
On Thursday, 2008-11-06 at 14:57 -0500, Anton Aylward wrote:
Carlos E. R. said the following on 11/06/2008 02:34 PM:
[...]
If I open another xterm I get the same denied result. It only works on xterms or terminals opened two days ago, not on the ones I open now.
Why? I've never seen this.
    nimrodel:~ # grep /mnt/test /etc/fstab
    /Grande/imgs/testimage /mnt/test auto noauto,loop,ro 0 0

I can think of many possible reasons, but try this as a first step in the diagnostic.
Run 'env' from both kinds of terminals, ones that can and can't mount, output to temp files and do a diff. You're not specifying an explicit loop device - maybe something in the environment is affecting that.
Ok...

    nimrodel:~ # diff -y --suppress-common-lines nova va
    nimrodel:~ # diff -y --suppress-common-lines nova va
    XAUTHORITY=/root/.xauthK7a337    |    XAUTHORITY=/root/.xauthgll3R8
                                     >    OLDPWD=/etc/apparmor.d

why do I have two?

    nimrodel:~ # l /root/.xauthK7a337 /root/.xauthgll3R8
    -rw------- 1 root root 53 Nov 4 14:21 /root/.xauthK7a337
    -rw------- 1 root root 53 Nov 4 01:54 /root/.xauthgll3R8
    nimrodel:~ # env | grep XAUTHORITY
    XAUTHORITY=/root/.xauthNg21lv
    nimrodel:~ # mount /mnt/test
    mount: permission denied
    nimrodel:~ # XAUTHORITY=/root/.xauthgll3R8 mount /mnt/test
    mount: permission denied
    nimrodel:~ # XAUTHORITY=/root/.xauthK7a337 mount /mnt/test
    mount: permission denied
    nimrodel:~ #

So it is not that variable. Shouldn't be.
It is possible, for example, that one set of xterms can reference a keyring.
Nope.

More (via su -):

    nimrodel:~ # umount /home2
    umount: /dev/hda12: not mounted
    umount: /home2: must be superuser to umount
    umount: /dev/hda12: not mounted
    umount: /home2: must be superuser to umount
    nimrodel:~ # whoami
    root

On the old terminal it works fine.
I also see you have a root shell. Is this a real root shell in all cases or have you su'd to root in some cases and not others?
Both. One that works is via "su -" and another is tty1 logged as root. But tty2, which I opened now, doesn't work, and an xterm via "su -" doesn't. No, I have all combinations.

Last updates:

    Sat Nov 01 2008  Sat Jun 07 2008  gd-devel 2.0.36.RC1-19.1
    Sat Nov 01 2008  Wed Oct 22 2008  libGraphicsMagick2 1.2.5-5.1
    Sat Nov 01 2008  Wed Oct 22 2008  GraphicsMagick 1.2.5-5.1
    Sat Nov 01 2008  Fri Oct 24 2008  yelp 2.22.1-25.2
    Sat Nov 01 2008  Thu Oct 30 2008  libgadu 1.8.0-16.2
    Tue Nov 04 2008  Wed Oct 29 2008  libzypp 4.27.4-0.1
    Thu Nov 06 2008  Thu Oct 30 2008  enscript 1.6.4-124.2
    Thu Nov 06 2008  Thu Sep 25 2008  apache2-doc 2.2.8-28.2
    Thu Nov 06 2008  Thu Sep 25 2008  apache2-example-pages 2.2.8-28.2
    Thu Nov 06 2008  Thu Sep 25 2008  apache2-utils 2.2.8-28.2
    Thu Nov 06 2008  Thu Sep 25 2008  apache2 2.2.8-28.2
    Thu Nov 06 2008  Thu Sep 25 2008  apache2-prefork 2.2.8-28.2

    cer@nimrodel:~> uptime
    10:12pm up 2 days 20:24, 42 users, load average: 0.16, 0.33, 0.35

I'm suspecting AppArmor.

[...]

yes! Dammit! Argh!

--
Cheers, Carlos E. R.
Carlos E. R. said the following on 11/06/2008 04:15 PM:
I'm suspecting AppArmor.
[...]
yes! Dammit! Argh!
Could be. Could also be what I ended up doing last week; one shell open _before_ downloading and applying updates, one shell _after_.

But AppArmor interferes in odd ways...

--
When I am working on a problem I never think about beauty. I only think about how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong. - Buckminster Fuller
On Thursday, 2008-11-06 at 16:35 -0500, Anton Aylward wrote:
Carlos E. R. said the following on 11/06/2008 04:15 PM:
I'm suspecting AppArmor.
[...]
yes! Dammit! Argh!
Could be.
It is, it is, I know, I tested. I just had no time to explain before, I was in a hurry. Sorry. I'll explain now.
Could also be what I ended up doing last week; one shell open _before_ downloading and applying updates, one shell _after_.
That's what I thought first, but I have a little script to check what files from the previous state are still being used after the update:

    lsof | grep -E 'RPMDELETE|;|path inode='

that line detects them, and I have pending:

    resapplet 4560 cer mem REG 22,70 327496 /usr/share/icons/hicolor/icon-theme.cache (path inode=327463)
    tomboy 4801 cer mem REG 22,70 327496 /usr/share/icons/hicolor/icon-theme.cache (path inode=327463)

corresponding to:

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    ---------------------------------------------------------------------------------------
But AppArmor interferes in odd ways...
I suddenly remembered I had been playing with it, so it was my fault; compounded with the wizard and its almost useless help file. You see a bunch of buttons and no idea what each button does, and help doesn't explain it and the consequences; I had to guess, and I guessed badly, obviously.

I'll try to explain what I was trying to do. I have syslog-ng trigger a script on a certain action; why I want that is a long story, it is a kind of hack. In syslog-ng.conf I have:

    filter f_router_got_ip { host("router") and match("Received valid IP address from server"); }; #Cer
    ...
    destination routerip { program("/usr/local/bin/syslog-askandlogrouterip"); };
    log { source(ext); filter(f_router_got_ip); destination(routerip); };

The 'syslog-askandlogrouterip' script is a filter or pipe:

    #!/bin/bash
    # try that sshagent does not interfere!
    export SSH_AGENT_PID=''
    export SSH_AUTH_SOCK=''
    # one matching log line from syslog-ng per iteration; stop when the pipe is closed
    while read -r _line ; do
        set -- `/home/cer/bin/router_ip | /usr/bin/grep 0.8.32 | /usr/bin/cut --fields=14-15`
        /bin/logger -t router -p syslog.warn "Got new IP=" $*
    done

The entire effect of this rigmarole is to call an expect script ("/home/cer/bin/router_ip") which runs an ssh session to my router to run the command that outputs my current internet IP, and then I log this IP to syslog.

I know, it is weird, but it is the only way my router has, and it works fine... as long as AppArmor is not running. syslog-ng is protected by AppArmor. As the entry point to my hack is a script, AppArmor wants to protect bash... and in my attempts to do this in the wizard it turns out it jailed all bash instances instead of only the one used by my script.

The easiest way is to remove the syslog-ng profile from AppArmor - leaving it unprotected, which is no big deal in my case, anyway. I might end up creating my own binary filter, which would solve part of the problem. At least, no bash involved, but 'expect' would still be there.

--
Cheers, Carlos E. R.
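A diagnostic for the situation this thread ends on, as an added example that is not part of any poster's message: it lists which running processes carry an AppArmor profile (a profile is attached at exec time, so shells started before it was loaded stay unconfined) and counts denials per profile. It assumes AppArmor is the active LSM, so that `/proc/<pid>/attr/current` holds the profile label, and that log lines use the `apparmor="DENIED"` key="value" audit format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The log lines in sample_log are constructed, not from the thread.

# Print "<pid> <comm> <label>" for each process whose AppArmor label is not
# "unconfined". $1 is a /proc-style root (default /proc) so it can be tested.
confined_procs() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/attr/current" ] || continue
        label=$(cat "$d/attr/current" 2>/dev/null) || continue
        [ -n "$label" ] && [ "$label" != "unconfined" ] || continue
        comm=$(cat "$d/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "${d##*/}" "$comm" "$label"
    done
}

# Read audit-style lines on stdin and print "<profile> <operation> <count>"
# for every denied operation (assumed format: apparmor="DENIED" key="value").
denials_by_profile() {
    sed -n 's/.*apparmor="DENIED".* operation="\([^"]*\)".* profile="\([^"]*\)".*/\2 \1/p' |
        sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Constructed sample: a profile on /bin/bash denying mount/umount to root shells.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1226001234.101:31): apparmor="DENIED" operation="mount" profile="/bin/bash" name="/mnt/test/" pid=2101 comm="mount"
type=AVC msg=audit(1226001240.202:32): apparmor="DENIED" operation="umount" profile="/bin/bash" name="/home2/" pid=2117 comm="umount"
type=AVC msg=audit(1226001250.303:33): apparmor="DENIED" operation="mount" profile="/bin/bash" name="/mnt/test/" pid=2130 comm="mount"
type=AVC msg=audit(1226001260.404:34): apparmor="ALLOWED" operation="open" profile="/usr/sbin/syslog-ng" name="/etc/hosts" pid=1500 comm="syslog-ng"
EOF
}

confined_procs                    # live view: which processes are confined now
sample_log | denials_by_profile   # offline demo on the constructed lines
```

A root shell that shows up in the first listing with a label such as `/bin/bash (enforce)` is subject to that profile regardless of its uid, which matches the "permission denied" seen as root.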