Subject: | |
From: | |
Reply To: | |
Date: | Mon, 18 Nov 2013 14:10:08 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
The switch to 'cat' was added to resolve the following selinux errors:
avc: denied { write } for pid=XXXX comm="groupadd"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:groupadd_t:s0 tcontext=user_u:object_r:tmp_t:s0
tclass=file
avc: denied { write } for pid=XXXX comm="restorecon"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:restorecon_t:s0
tcontext=user_u:object_r:tmp_t:s0 tclass=file
avc: denied { write } for pid=XXXX comm="rpc.statd"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:rpcd_t:s0 tcontext=user_u:object_r:tmp_t:s0
tclass=file
avc: denied { write } for pid=XXXX comm="semodule"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0
tclass=file
avc: denied { write } for pid=XXXX comm="tzdata-update"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:tzdata_t:s0 tcontext=user_u:object_r:tmp_t:s0
tclass=file
avc: denied { write } for pid=XXXX comm="useradd"
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX
scontext=user_u:system_r:useradd_t:s0 tcontext=user_u:object_r:tmp_t:s0
tclass=file
These didn't prevent the execution of the commands, but did interfere
with the logging to the tempfile. The issue was reported by Gilles
Detillieux in Oct 2012 and included a patch (currently applied).
I fear the provided suggestion doesn't quite solve the issue of being
unable to check the exit code of yum:
------------------------------
#!/bin/bash
{
yum --disablerepo=* install kedddrnel
stat=$?
} 2>&1 | cat > /tmp/asdf
echo "RC: $?"
echo "stat: $stat"
# cleanup temp file
rm -f /tmp/asdf
#----------------------------
Still researching......
Pat
On 11/18/2013 10:56 AM, Elias Persson wrote:
> Not really, given the use case (send mail with output in case of
> errors). Not sure why the cat is necessary, but if it really is,
> something like:
>
> {
> yum ...
> status=$?
> } 2>&1 | cat ...
>
> should probably do.
>
> On 2013-11-18 17:09, Paul Robert Marino wrote:
>> the logger command may be a better choice than a static file.
>>
>>
>> On Mon, Nov 18, 2013 at 9:19 AM, Pat Riehecky <[log in to unmask]> wrote:
>>> Let me look into it.
>>>
>>> Pat
>>>
>>>
>>> On 11/15/2013 07:19 PM, William Taylor wrote:
>>>>
>>>> In /etc/cron.daily/yum-autoupdate if yum exits with an error it will
>>>> never be considered an
>>>> error because cat will exit with no error. This results with errors
>>>> not
>>>> being processed and
>>>> emails not going out. Can this be re-written to not rely on cat so
>>>> this
>>>> won't happen ?
>>>>
>>>> /usr/bin/yum -c $TEMPCONFIGFILE -e 0 -d 1 -y $SECURITY update 2>&1
>>>> | cat
>>>>>
>>>>> $TEMPFILE
>>>>
>>>>
>>>> Thanks,
>>>> William
>>>
>>>
>>>
>>> --
>>> Pat Riehecky
>>>
>>> Scientific Linux developer
>>> http://www.scientificlinux.org/
--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/
|
|
|