2021-07-08 11:54:08 |
Nikolay Vinogradov |
bug |
|
|
added bug |
2021-07-09 10:42:22 |
Nikolay Vinogradov |
description |
Hi,
We're deploying the hw-health charm to Bionic hardened with the recent Ubuntu Bionic CIS benchmark 18.04.17 (based on CIS 2.0.1). The ilorest tool that the charm uses for hardware monitoring fails to start:
$ ilorest
ilorest: error while loading shared libraries: libz.so.1: failed to map segment from shared object
The root cause is this CIS remediation:
# 1.1.5 Ensure noexec option set on /tmp partition (Automated)
rule-1.1.5()
{
ensure_opt_mountpoint /tmp noexec
}
Which breaks PyInstaller as documented in https://pyinstaller.readthedocs.io/en/stable/when-things-go-wrong.html#operation-not-permitted-error. ilorest seems to be using PyInstaller (see https://pastebin.ubuntu.com/p/PpzvwdSwBZ/, based on https://github.com/extremecoders-re/pyinstxtractor/wiki/Extracting-Linux-ELF-binaries). So ilorest is essentially an ELF binary that has a number of .so files packaged in it that are being unpacked to /tmp when the script starts. The same problem also causes other problems, like the one described here: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1791241
The workaround is to remount /tmp as described below:
$ sudo mount /tmp -o remount,exec
ubuntu@cz20420g87:/var/log$ ilorest
iLOrest : RESTful Interface Tool version 3.1.1
.... |
Hi,
We're deploying the hw-health charm to Bionic hardened with the recent Ubuntu Bionic CIS benchmark 18.04.17 (based on CIS 2.0.1). The ilorest tool that the charm uses for hardware monitoring fails to start:
$ ilorest
ilorest: error while loading shared libraries: libz.so.1: failed to map segment from shared object
As strace ilorest shows (the loader attempts to load a number of .so files from /tmp and files, see below comments for why), the root cause is this CIS remediation:
# 1.1.5 Ensure noexec option set on /tmp partition (Automated)
rule-1.1.5()
{
ensure_opt_mountpoint /tmp noexec
}
Which breaks PyInstaller as documented in https://pyinstaller.readthedocs.io/en/stable/when-things-go-wrong.html#operation-not-permitted-error. ilorest seems to be using PyInstaller (see https://pastebin.ubuntu.com/p/PpzvwdSwBZ/, based on https://github.com/extremecoders-re/pyinstxtractor/wiki/Extracting-Linux-ELF-binaries). So ilorest is essentially an ELF binary that has a number of .so files packaged in it that are being unpacked to /tmp when the script starts. The same problem also causes other problems, like the one described here: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1791241
The workaround is to remount /tmp as described below:
$ sudo mount /tmp -o remount,exec
ubuntu@cz20420g87:/var/log$ ilorest
iLOrest : RESTful Interface Tool version 3.1.1
.... |
|
2021-07-09 10:47:55 |
Nikolay Vinogradov |
description |
Hi,
We're deploying the hw-health charm to Bionic hardened with the recent Ubuntu Bionic CIS benchmark 18.04.17 (based on CIS 2.0.1). The ilorest tool that the charm uses for hardware monitoring fails to start:
$ ilorest
ilorest: error while loading shared libraries: libz.so.1: failed to map segment from shared object
As strace ilorest shows (the loader attempts to load a number of .so files from /tmp and files, see below comments for why), the root cause is this CIS remediation:
# 1.1.5 Ensure noexec option set on /tmp partition (Automated)
rule-1.1.5()
{
ensure_opt_mountpoint /tmp noexec
}
Which breaks PyInstaller as documented in https://pyinstaller.readthedocs.io/en/stable/when-things-go-wrong.html#operation-not-permitted-error. ilorest seems to be using PyInstaller (see https://pastebin.ubuntu.com/p/PpzvwdSwBZ/, based on https://github.com/extremecoders-re/pyinstxtractor/wiki/Extracting-Linux-ELF-binaries). So ilorest is essentially an ELF binary that has a number of .so files packaged in it that are being unpacked to /tmp when the script starts. The same problem also causes other problems, like the one described here: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1791241
The workaround is to remount /tmp as described below:
$ sudo mount /tmp -o remount,exec
ubuntu@cz20420g87:/var/log$ ilorest
iLOrest : RESTful Interface Tool version 3.1.1
.... |
Hi,
We're deploying the hw-health charm to Bionic hardened with the recent Ubuntu Bionic CIS benchmark 18.04.17 (based on CIS 2.0.1). The ilorest tool that the charm uses for hardware monitoring fails to start:
$ ilorest
ilorest: error while loading shared libraries: libz.so.1: failed to map segment from shared object
As strace ilorest shows (the loader attempts to load a number of .so files with randomized names from /tmp, see below comments for why), the root cause is this CIS remediation:
# 1.1.5 Ensure noexec option set on /tmp partition (Automated)
rule-1.1.5()
{
ensure_opt_mountpoint /tmp noexec
}
Which breaks PyInstaller as documented in https://pyinstaller.readthedocs.io/en/stable/when-things-go-wrong.html#operation-not-permitted-error. ilorest seems to be using PyInstaller (see https://pastebin.ubuntu.com/p/PpzvwdSwBZ/, based on https://github.com/extremecoders-re/pyinstxtractor/wiki/Extracting-Linux-ELF-binaries). So ilorest is essentially an ELF binary that has a number of .so files packaged in it that are being unpacked to /tmp when the script starts. The same problem also causes other problems, like the one described here: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1791241
The workaround is to remount /tmp as described below:
$ sudo mount /tmp -o remount,exec
ubuntu@cz20420g87:/var/log$ ilorest
iLOrest : RESTful Interface Tool version 3.1.1
.... |
|
2022-01-31 06:18:59 |
Jose Guedez |
charm-hw-health: status |
New |
Confirmed |
|
2022-01-31 06:19:06 |
Jose Guedez |
charm-hw-health: importance |
Undecided |
High |
|
2022-02-09 23:00:30 |
John Lettman |
charm-hw-health: assignee |
|
John Lettman (jplettman) |
|
2022-02-09 23:00:51 |
Andrea Ieri |
bug |
|
|
added subscriber Canonical IS BootStack |
2022-02-09 23:53:23 |
John Lettman |
charm-hw-health: status |
Confirmed |
In Progress |
|
2022-02-09 23:54:18 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~jplettman/charm-hw-health/+git/charm-hw-health/+merge/415348 |
|
2022-03-03 11:46:57 |
Celia Wang |
charm-hw-health: status |
In Progress |
Fix Committed |
|
2022-04-11 22:22:32 |
Xav Paice |
charm-hw-health: milestone |
|
22.04 |
|
2022-04-15 11:24:09 |
Alvaro Uria |
tags |
|
bseng-60 |
|
2022-04-29 12:42:23 |
Przemyslaw Lal |
charm-hw-health: status |
Fix Committed |
Fix Released |
|
2022-10-13 09:18:47 |
Mert Kirpici |
merge proposal linked |
|
https://code.launchpad.net/~mertkirpici/charm-hw-health/+git/charm-hw-health/+merge/431492 |
|
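The failure in the bug description comes from a PyInstaller one-file binary unpacking its .so files under a noexec /tmp. The PyInstaller page linked there suggests pointing TMPDIR at a directory on a filesystem mounted without noexec, which keeps the CIS 1.1.5 setting on /tmp in place. The following is an added example, not code from the bug report or the charm: it checks which mount a directory lives on and whether that mount is noexec. The function names are hypothetical and the candidate directories are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Mount points containing
# spaces (escaped as \040 in /proc/mounts) are not handled.

# mount_opts_for PATH [MOUNTS_FILE]
# Print the options of the mount PATH lives on: the longest mount point that
# is a path prefix of PATH. The last matching entry wins.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: succeed if PATH is on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "${2:-}")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# first_exec_dir MOUNTS_FILE DIR...
# Print the first existing DIR that is not on a noexec mount.
first_exec_dir() {
    mounts=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        if ! is_noexec "$d" "$mounts"; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Report on this host: is the temp dir a PyInstaller bootloader would use noexec?
tmp=${TMPDIR:-/tmp}
if is_noexec "$tmp"; then
    echo "$tmp is noexec: unpacked .so files cannot be mapped executable"
    alt=$(first_exec_dir /proc/mounts /var/tmp "${HOME:-/nonexistent}") || alt=
    [ -z "$alt" ] || echo "candidate TMPDIR: $alt"
fi
```

A candidate directory used as TMPDIR for the tool should be owned by and writable only for the account that runs it.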