This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug runtime/10268] Cannot re-run script after failed run (module file not removed)
- From: "chwang at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 15 Jun 2009 20:55:54 -0000
- Subject: [Bug runtime/10268] Cannot re-run script after failed run (module file not removed)
- References: <20090612144237.10268.chwang@redhat.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From chwang at redhat dot com 2009-06-15 20:55 -------
(In reply to comment #2)
> Can you elaborate on the permission model that consolehelper gives you?
> Normally only staprun is at root (via setuid), and it should drop back to user
> permissions before exec'ing stapio. It's also strange that you have lingering
> stapio processes, because those should be exec'ed back to staprun when they
> attempt to unload the module.
Consolehelper is supposed to simulate root privileges when you run a command, so
this could be why the entire stap command shows up as belonging to root. But I
don't know enough about the permission model to say any more...
However, I know that the second command works fine if executing as root without
Consolehelper.
i.e. after the failed run, ps aux | grep stap shows:
root 29710 0.0 0.0 8188 268 pts/0 S 16:44 0:00
/usr/local/libexec/systemtap/stapio -o [snip]
/stap_ab9abab74364624017a2d3df233ae4b0_4434.ko
But calling sudo stap <script> returns the right result. (And using the
Consolehelper link does not)
Stuff that might help:
To make Consolehelper work, we have a file in /etc/pam.d called stap:
auth sufficient pam_rootok.so
auth sufficient pam_timestamp.so
auth include system-auth
account required pam_permit.so
session required pam_permit.so
session optional pam_xauth.so
session optional pam_timestamp.so
and another file /etc/security/console.apps/stap:
USER=root
PROGRAM=/notnfs/chwang/systemtap/stap
SESSION=true
/notnfs is a folder that root has full permissions for.
It's not a huge issue because there are workarounds (adding to stapdev, and some
permissions workarounds should be coming up in F12), but annoying nonetheless.
Thanks for reading :)
-C
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10268
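
An added example, not part of the original message and not systemtap or consolehelper code: a small Python audit of the two consolehelper files quoted in the message above. It reports which user the wrapped program runs as, which PAM auth modules are marked sufficient, and which components of the PROGRAM path a non-root user could modify (a deliberately conservative check). The function names are assumptions made for this example, and the sample input is constructed from the files shown in the message.

```python
import os
import stat

# Constructed sample input: the two files quoted in the message above.
CONSOLE_APP = "USER=root\nPROGRAM=/notnfs/chwang/systemtap/stap\nSESSION=true\n"
PAM_STACK = """auth sufficient pam_rootok.so
auth sufficient pam_timestamp.so
auth include system-auth
account required pam_permit.so
session required pam_permit.so
session optional pam_xauth.so
session optional pam_timestamp.so
"""

def parse_console_app(text):
    """Return the KEY=VALUE settings of a console.apps file as a dict."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def auth_shortcuts(pam_text):
    """Auth modules marked 'sufficient': one success is enough to pass auth."""
    rows = (l.split() for l in pam_text.splitlines())
    return [r[2] for r in rows if len(r) >= 3 and r[:2] == ["auth", "sufficient"]]

def writable_by_non_root(uid, mode):
    """Conservative: not owned by root, or group/other write bit set."""
    return uid != 0 or bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def weak_components(program):
    """PROGRAM and each parent directory that a non-root user could change."""
    weak, path = [], os.path.abspath(program)
    while True:
        try:
            st = os.stat(path)
            if writable_by_non_root(st.st_uid, st.st_mode):
                weak.append(path)
        except OSError:
            weak.append(path + " (missing)")
        if os.path.dirname(path) == path:
            return weak
        path = os.path.dirname(path)

def audit(console_text, pam_text):
    """Who the wrapped program runs as, and which auth modules can shortcut."""
    app = parse_console_app(console_text)
    prog = app.get("PROGRAM")
    return {"runs_as": app.get("USER"), "program": prog,
            "auth_shortcuts": auth_shortcuts(pam_text),
            "weak_path": weak_components(prog) if prog else []}
```

Calling audit(CONSOLE_APP, PAM_STACK) on the machine that holds the files gives a one-glance summary; any entry in weak_path for a USER=root program is worth fixing before relying on the wrapper.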