| Problems with Debian sid VE [message #29513] |
Tue, 15 April 2008 14:59  |
rmello
Messages: 15
Registered: October 2007
|
Junior Member |
|
|
I created a Debian Unstable (sid) VE through debootstratp, and I'm
thinking I forgot something because I get some weird behavior out of
that VE when I first start it:
1) I get a message "Mount failed for selinuxfs on /selinux".
I've grepped everything I could and can't find references to selinux
2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"
This seems to happen to other users, if I try to su - to the once I've
vzctl enter-ed into the VE.
3) I get a SIGSEV if I try to run aptitude
The weird thing is that after a few minutes it all goes to normal,
until I need to restart the VE that is. Anyone know what I'm
forgetting, or what's going on?
Thanks in advance,
Roberto
|
|
|
|
|
|
| Re: Problems with Debian sid VE [message #29594 is a reply to message #29517] |
Thu, 17 April 2008 18:41  |
rmello
Messages: 15
Registered: October 2007
|
Junior Member |
|
|
On Tue, Apr 15, 2008 at 10:41 AM, Marcin Owsiany <marcin@owsiany.pl> wrote:
> On Tue, Apr 15, 2008 at 08:59:00AM -0600, Roberto Mello wrote:
> > I created a Debian Unstable (sid) VE through debootstratp, and I'm
> > thinking I forgot something because I get some weird behavior out of
> > that VE when I first start it:
> >
> > 1) I get a message "Mount failed for selinuxfs on /selinux".
> >
> > I've grepped everything I could and can't find references to selinux
>
> I think openvz and selinux are mutually exclusive.
I am aware of that. The Hardware Node has no SELinux enabled. It has
been running openvz for quite some time now, but this was my first
time creating a VE with Debian Sid from scratch, i.e. using
debootstrap.
>
> > 2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"
>
> Can you paste what exactly happens?
foo-HN# vzctl start 115
<openVZ startup messages>
Mount failed for selinuxfs on /selinux
foo-HN# vzctl enter 115
I Have no name!@ve115#
> > 3) I get a SIGSEV if I try to run aptitude
>
> Perhaps it's just bad OOM handling. Try stracing it?
No. It's definitely related to the problem that happens with this VE
with Debian Sid in the first few minutes after starting it. After a
few minutes aptitude is able to start up and run just fine.
It's as if the users in /etc/passwd are not recognized by the system
for a bit. I can't "su - someotheruser" for example. After a few
minutes, everything works, but I have to figure this out because
Apache, for example, refuses to start because its www-data user just
doesn't work as soon as the VE starts up.
Anyone have a clue what's going on here?
Roberto
|
|
|
|
| Re: Problems with Debian sid VE [message #29595 is a reply to message #29594] |
Thu, 17 April 2008 18:58 |
rmello
Messages: 15
Registered: October 2007
|
Junior Member |
|
|
On Thu, Apr 17, 2008 at 12:41 PM, Roberto Mello <roberto.mello@gmail.com> wrote:
>
> It's as if the users in /etc/passwd are not recognized by the system
> for a bit. I can't "su - someotheruser" for example. After a few
> minutes, everything works, but I have to figure this out because
> Apache, for example, refuses to start because its www-data user just
> doesn't work as soon as the VE starts up.
>
> Anyone have a clue what's going on here?
Here's the syslog from the VE, when I recently had to restart the HN:
Apr 16 23:18:07 ralph1 shutdown[27780]: shutting down for system halt
Apr 16 23:18:07 ralph1 init: Switching to runlevel: 0
Apr 16 23:18:08 ralph1 kernel: Kernel logging (proc) stopped.
Apr 16 23:18:08 ralph1 kernel: Kernel log daemon terminating.
Apr 16 23:18:09 ralph1 exiting on signal 15
Apr 16 23:29:33 ralph1 syslogd 1.5.0#2: restart.
Apr 16 23:29:33 ralph1 kernel: klogd 1.5.0#2, log source = /proc/kmsg started.
Apr 16 23:29:35 ralph1 atd: Cannot get uid for daemon: Unknown error 530
Apr 16 23:29:35 ralph1 /usr/sbin/cron[16207]: (CRON) INFO (pidfile fd = 3)
Apr 16 23:29:36 ralph1 /usr/sbin/cron[16208]: (CRON) STARTUP (fork ok)
Apr 16 23:29:36 ralph1 cron[16208]: Error: bad username; while reading
/etc/crontab
Apr 16 23:29:36 ralph1 cron[16208]: Error: bad username; while reading
/etc/cron.d/php5
Apr 16 23:29:36 ralph1 /usr/sbin/cron[16208]: (CRON) INFO (Running @reboot jobs)
Apr 16 23:29:39 ralph1 init: no more processes left in this runlevel
Notice the error messages regarding uid's and usernames. This lasts
for a few minutes and then everything starts working normally without
any intervention of mine. I'm at a loss.
Roberto
|
|
|
|
| Re: Problems with Debian sid VE [message #29596 is a reply to message #29594] |
Thu, 17 April 2008 20:54 |
porridge
Messages: 23
Registered: October 2007
Location: London, UK
|
Junior Member |
|
|
On Thu, Apr 17, 2008 at 12:41:41PM -0600, Roberto Mello wrote:
> On Tue, Apr 15, 2008 at 10:41 AM, Marcin Owsiany <marcin@owsiany.pl> wrote:
> > On Tue, Apr 15, 2008 at 08:59:00AM -0600, Roberto Mello wrote:
> > > I created a Debian Unstable (sid) VE through debootstratp, and I'm
> > > thinking I forgot something because I get some weird behavior out of
> > > that VE when I first start it:
> > >
> > > 1) I get a message "Mount failed for selinuxfs on /selinux".
> > >
> > > I've grepped everything I could and can't find references to selinux
> >
> > I think openvz and selinux are mutually exclusive.
>
> I am aware of that. The Hardware Node has no SELinux enabled.
However it's clearly enabled in userspace in the VE, as it tries to
mount /selinux. Possibly the UID problems are related to that.
> > > 2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"
> >
> > Can you paste what exactly happens?
>
> foo-HN# vzctl start 115
> <openVZ startup messages>
> Mount failed for selinuxfs on /selinux
> foo-HN# vzctl enter 115
> I Have no name!@ve115#
Funny, I've never seen that happen before. No wonder I didn't know what
you meant. Looks like "I have no name!" is the username set in bash,
when getpwuid() (which scans /etc/passwd) fails.
> > > 3) I get a SIGSEV if I try to run aptitude
> >
> > Perhaps it's just bad OOM handling. Try stracing it?
>
> No. It's definitely related to the problem that happens with this VE
> with Debian Sid in the first few minutes after starting it. After a
> few minutes aptitude is able to start up and run just fine.
I still think that this SIGSEGV is just aptitude failing to handle an
"impossible" situation correctly.
> Anyone have a clue what's going on here?
My gut feeling is that selinux is to blame. I would try to disable
selinux in the VE.
As one of my colleagues say "If weird shit happens, check selinux."
Root not being able to read /etc/passwd is a fine example of "weird
shit" :)
--
Marcin Owsiany <marcin@owsiany.pl> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
"Every program in development at MIT expands until it can read mail."
-- Unknown
|
|
|
|
| Re: Problems with Debian sid VE [message #29640 is a reply to message #29596] |
Sat, 19 April 2008 17:23 |
rmello
Messages: 15
Registered: October 2007
|
Junior Member |
|
|
On Thu, Apr 17, 2008 at 2:54 PM, Marcin Owsiany <marcin@owsiany.pl> wrote:
>
> However it's clearly enabled in userspace in the VE, as it tries to
> mount /selinux. Possibly the UID problems are related to that.
That's what I think too, but the hard thing is disabling the thing.
> My gut feeling is that selinux is to blame. I would try to disable
> selinux in the VE.
>
> As one of my colleagues say "If weird shit happens, check selinux."
> Root not being able to read /etc/passwd is a fine example of "weird
> shit" :)
No kidding. The only thing I can find under /etc about selinux is
under init.d/mtab.sh:
init.d/mtab.sh: if selinux_enabled && which restorecon >/dev/null 2>&1
&& [ -r /etc/mtab ]
mtab.sh includes /lib/lsb/init-functions and /lib/init/mount-functions.sh
This latter file checks for selinxu being enabled:
selinux_enabled () {
which selinuxenabled >/dev/null 2>&1 && selinuxenabled
}
selinuxenabled is provided the selinux-utils package. I've created an
/etc/selinux/config disabling selinux, and symlinked to it from
/etc/default/selinux, which is where selinux was enabled/disabled on
etch.
But it still doesnt seem to resolve the issue. Sometimes I can only
get "proper" root after attempting a dpkg -l (which fails) and reading
the contents of /var/lib/dpkg/updates/.
When I run selinuxenabled I get a 1 exit code. And then there's this
(also provided in the selinux-utils package):
I have no name!@o2:/# getsebool
getsebool: SELinux is disabled
But still no go. Anyone who knows SELinux knows what I need to do to
really disable it in a VE?
Thanks,
Roberto
|
|
|
|
| Re: Problems with Debian sid VE [message #29983 is a reply to message #29640] |
Sun, 04 May 2008 14:12 |
rmello
Messages: 15
Registered: October 2007
|
Junior Member |
|
|
On Sat, Apr 19, 2008 at 11:23 AM, Roberto Mello <roberto.mello@gmail.com> wrote:
>
> When I run selinuxenabled I get a 1 exit code. And then there's this
> (also provided in the selinux-utils package):
>
> I have no name!@o2:/# getsebool
> getsebool: SELinux is disabled
>
> But still no go. Anyone who knows SELinux knows what I need to do to
> really disable it in a VE?
Just to report, I haven't been able to figure out how to solve this
yet. Everything I check says that selinux is disabled, but everytime I
restart the VE, the problem reappears.
Roberto
--
http://blog.divisiblebyfour.org/
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
