This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


[Bug runtime/10268] Cannot re-run script after failed run (module file not removed)


------- Additional Comments From chwang at redhat dot com  2009-06-15 20:55 -------
(In reply to comment #2)
> Can you elaborate on the permission model that consolehelper gives you? 
> Normally only staprun is at root (via setuid), and it should drop back to user
> permissions before exec'ing stapio.  It's also strange that you have lingering
> stapio processes, because those should be exec'ed back to staprun when they
> attempt to unload the module.

Consolehelper is supposed to simulate root privileges when you run a command, so
this could be why the entire stap command shows up as belonging to root. But I
don't know enough about the permission model to say any more... 

However, I know that the second command works fine if executing as root without
Consolehelper.

i.e. after the failed run, ps aux | grep stap shows:
root     29710  0.0  0.0   8188   268 pts/0    S    16:44   0:00
/usr/local/libexec/systemtap/stapio -o [snip]
/stap_ab9abab74364624017a2d3df233ae4b0_4434.ko

But calling sudo stap <script> returns the right result. (And using the
Consolehelper link does not)



Stuff that might help:
To make Consolehelper work, we have a file in /etc/pam.d called stap:
auth            sufficient      pam_rootok.so
auth            sufficient      pam_timestamp.so
auth            include         system-auth
account         required        pam_permit.so
session         required        pam_permit.so
session         optional        pam_xauth.so
session         optional        pam_timestamp.so

and another file /etc/security/console.apps/stap:
USER=root
PROGRAM=/notnfs/chwang/systemtap/stap
SESSION=true

/notnfs is a folder that root has full permissions for.


It's not a huge issue because there are workarounds (adding to stapdev, and some
permissions workarounds should be coming up in F12), but annoying nonetheless.

Thanks for reading :)

-C

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=10268
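
Added example (not part of the original message and not SystemTap code): a small diagnostic for the state described in the report. It lists each stapio process with its owner and says whether the module named on its command line is still loaded. It assumes a loaded module is named after its .ko file; find_lingering and demo are hypothetical helper names, and the sample data is constructed.

```shell
#!/bin/sh
# Assumption: a loaded SystemTap module is named after its .ko file
# (basename minus ".ko"), as listed in column 1 of /proc/modules.

# find_lingering PS_FILE MODULES_FILE
#   PS_FILE       saved output of: ps -eo user,pid,args
#   MODULES_FILE  /proc/modules, or a copy of it
# Prints one line per stapio process: OWNER PID MODULE loaded|unloaded
find_lingering() {
    awk '
        FILENAME == ARGV[1] { loaded[$1] = 1; next }   # module table
        $3 ~ /(^|\/)stapio$/ {                         # stapio command lines
            mod = ""
            for (i = 4; i <= NF; i++)
                if ($i ~ /stap_[0-9a-f]+_[0-9]+\.ko$/) mod = $i
            if (mod == "") next
            sub(/^.*\//, "", mod)                      # strip directory
            sub(/\.ko$/, "", mod)                      # strip extension
            state = "unloaded"
            if (mod in loaded) state = "loaded"
            print $1, $2, mod, state
        }
    ' "$2" "$1"
}

# Constructed sample data shaped like the situation in the report:
# a root-owned stapio left behind while its module is still loaded.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/ps" <<'EOF'
USER       PID COMMAND
root      4242 /usr/local/libexec/systemtap/stapio -o /tmp/out /tmp/stapAAAAAA/stap_0123456789abcdef0123456789abcdef_1111.ko
user1     4300 /bin/bash
EOF
    cat > "$d/modules" <<'EOF'
stap_0123456789abcdef0123456789abcdef_1111 45056 0 - Live 0x0000000000000000
ext4 350000 1 - Live 0x0000000000000000
EOF
    find_lingering "$d/ps" "$d/modules"
    rm -rf "$d"
}

demo
```

A root-owned line reported as "loaded" for a script that was started by an unprivileged user matches the leftover state shown in the ps output above.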
