Failing CentOS5-32 builds in Jenkins

Bug #1153334 reported by Alexey Kopytov on 2013-03-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup
Alexey Kopytov
Alexey Kopytov
Alexey Kopytov

Bug Description

All XB tests in the 'innodb51' configuration fail on centos5-32 Jenkins slaves due to SELinux when trying to start the server from a non-standard location. innodb51 is the only configuration where the server needs to load a plugin. That fails as follows:

130310 22:37:45 [ERROR] Can't open shared library '/home/user/src/2.0/test/server/lib/plugin/' (errno: 22 cannot restore segment prot after reloc: Permission denied)
130310 22:37:45 [ERROR] Couldn't load plugin named 'innodb' with soname ''.

Corresponding messages from /var/log/audit/audit.log:

type=AVC msg=audit(1362938338.731:89): avc: denied { execmod } for pid=27233 comm="mysqld" path="/home/user/src/2.0/test/server/lib/plugin/" dev=dm-0 ino=1246369 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1362938338.731:89): arch=40000003 syscall=125 success=no exit=-13 a0=4a3000 a1=13e000 a2=5 a3=bfe27610 items=0 ppid=27167 pid=27233 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=3 comm="mysqld" exe="/home/user/src/2.0/test/server/bin/mysqld" subj=user_u:system_r:unconfined_t:s0 key=(null)

"setenforce=0" on those slaves would fix the issue, but that appears to be too difficult. This report is to implement a workaround in the XB test suite.

Related branches

Sergei Glushchenko: Approve (g2) on 2013-03-11
Sergei Glushchenko: Approve (g2) on 2013-03-11

If this bug can reappear in non-testing environment due to other
reasons, I can add this as an exception to selinux rule.

However, according to
 Basically a DSO is loaded, at some point the application determines the code needs text relocation and uses the mprotect call to set the memory region read/write. After the text relocation, the code is marked back to read/exec which triggers the access check. Usually the DSO does not need to be text relocatable, but a programming mistake has happened.

So, bug fix helps here, also, I checked for others on CentOS64-6
with readelf -d PROGRAMS | fgrep TEXTREL -- couldn't find any.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers