SCIENTIFIC-LINUX-DEVEL Archives

November 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: yum-autoupdate
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Mon, 18 Nov 2013 14:10:08 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (115 lines) 
The switch to 'cat' was added to resolve the following selinux errors:

avc:  denied  { write } for  pid=XXXX comm="groupadd" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:groupadd_t:s0 tcontext=user_u:object_r:tmp_t:s0 
tclass=file
avc:  denied  { write } for  pid=XXXX comm="restorecon" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:restorecon_t:s0 
tcontext=user_u:object_r:tmp_t:s0 tclass=file
avc:  denied  { write } for  pid=XXXX comm="rpc.statd" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:rpcd_t:s0 tcontext=user_u:object_r:tmp_t:s0 
tclass=file
avc:  denied  { write } for  pid=XXXX comm="semodule" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 
tclass=file
avc:  denied  { write } for  pid=XXXX comm="tzdata-update" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:tzdata_t:s0 tcontext=user_u:object_r:tmp_t:s0 
tclass=file
avc:  denied  { write } for  pid=XXXX comm="useradd" 
path="/tmp/yum.temp.XXXXXXXXXX" dev=sda2 ino=XXXXXXX 
scontext=user_u:system_r:useradd_t:s0 tcontext=user_u:object_r:tmp_t:s0 
tclass=file


These didn't prevent the execution of the commands, but did interfere 
with the logging to the tempfile.  The issue was reported by Gilles 
Detillieux in Oct 2012 and included a patch (currently applied).


I fear the provided suggestion doesn't quite solve the issue of being 
unable to check the exit code of yum:

------------------------------
#!/bin/bash

{
  yum --disablerepo=* install kedddrnel
  stat=$?
} 2>&1 | cat > /tmp/asdf
echo "RC: $?"

echo "stat: $stat"

# cleanup temp file
rm -f /tmp/asdf
#----------------------------


Still researching......


Pat


On 11/18/2013 10:56 AM, Elias Persson wrote:
> Not really, given the use case (send mail with output in case of 
> errors). Not sure why the cat is necessary, but if it really is, 
> something like:
>
>     {
>         yum ...
>         status=$?
>     } 2>&1 | cat ...
>
> should probably do.
>
> On 2013-11-18 17:09, Paul Robert Marino wrote:
>> the logger command may be a better choice than a static file.
>>
>>
>> On Mon, Nov 18, 2013 at 9:19 AM, Pat Riehecky <[log in to unmask]> wrote:
>>> Let me look into it.
>>>
>>> Pat
>>>
>>>
>>> On 11/15/2013 07:19 PM, William Taylor wrote:
>>>>
>>>> In /etc/cron.daily/yum-autoupdate if yum exits with an error it will
>>>> never be considered an
>>>> error because cat will exit with no error. This results with errors 
>>>> not
>>>> being processed and
>>>> emails not going out. Can this be re-written to not rely on cat so 
>>>> this
>>>> won't happen ?
>>>>
>>>> /usr/bin/yum -c $TEMPCONFIGFILE -e 0 -d 1 -y $SECURITY update 2>&1 
>>>> | cat
>>>>>
>>>>> $TEMPFILE
>>>>
>>>>
>>>> Thanks,
>>>>    William
>>>
>>>
>>>
>>> -- 
>>> Pat Riehecky
>>>
>>> Scientific Linux developer
>>> http://www.scientificlinux.org/


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

ATOM RSS1 RSS2