Project

General

Profile

Actions
Copy link

Bug #2127

closed

PT Services Management: Process running at boot which shouldn't be set to start on boot are still running at boot

Added by Nicolas PERRON almost 13 years ago. Updated almost 13 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Nicolas PERRON
Category:
Techniques
Target version:
2.3.5
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

sles-10-sp2-32:~ # chkconfig -l
...
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
...


sles-10-sp2-32:~ #/opt/rudder/sbin/cf-agent -KI
...
R: @@ServicesManagement@@result_repaired@@03c9bef3-eed5-4732-91a8-7d13442c3124@@8f5b410a-5b8c-48a8-aff1-aea13950594c@@37@@Service starting parameters@@boot.apparmor@@2011-12-12 17:08:31+01:00##f37eb9e1-141b-4740-bd64-8a5c125ef555@#boot.apparmor has been prevented to start on boot
...


sles-10-sp2-32:~ # chkconfig -l
...
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
...

OS: SLES 10 SP2 32 bits

Actions
Copy link
 #1

Updated by Nicolas PERRON almost 13 years ago

It seems that it works on SLES 11 64 bits...

Actions
Copy link
 #2

Updated by Nicolas PERRON almost 13 years ago

This PT works on SLES 10 if init script are initialized by default run level.

sles-10-sp2-32:~ # insserv -d boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  on

Indeed, after reboot boot.apparmor is loaded:

sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status
apparmor module is loaded.
10 profiles are loaded.
10 profiles are in enforce mode.
   /usr/sbin/ntpd
   /usr/sbin/identd
   /sbin/klogd
   /sbin/syslogd
   /sbin/syslog-ng
   /usr/sbin/traceroute
   /usr/sbin/nscd
   /bin/ping
   /usr/sbin/mdnsd
   /usr/sbin/named
0 profiles are in complain mode.
4 processes have profiles defined.
4 processes are in enforce mode :
   /sbin/klogd (2255) 
   /usr/sbin/ntpd (2549) 
   /sbin/syslog-ng (2251) 
   /usr/sbin/nscd (2647)

even if boot.apparmor doesn't appear at chkconfig -l:

sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...

And if we try to disable boot.apparmor:

sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  off

After a reboot:

sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status
apparmor module is not loaded.

The problem appears if the init-script is loaded with runlevel option

sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 2,3,5
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  235
sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...
sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  235
sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...
Actions
Copy link
 #3

Updated by Jonathan CLARKE almost 13 years ago

  • Status changed from New to 2
  • Assignee set to Nicolas PERRON

In the sshConfiguration PT, we worked around this using "/sbin/chkconfig --del". Have you tried this approach? It may work better.

Either way, we definitely need to fix this bug, otherwise this PT is a long way from doing what it says!

Actions
Copy link
 #4

Updated by Nicolas PERRON almost 13 years ago

chkconfig --del doesn't resolve the issue.
chkconfig -d or insserv -r remove only default runlevel.

sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 #default runlevels for ntp are 2,3,5
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # chkconfig -d ntp
ntp                       0:off  1:on   2:off  3:off  4:off  5:off  6:off
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # insserv -r ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  1

The only solution i've found is to set default runlevel in order to remove a init script from boot:

  • With chkconfig
    sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # chkconfig ntp on
sles-10-sp2-32:~ # chkconfig ntp
ntp  on
sles-10-sp2-32:~ # chkconfig -d ntp
ntp                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
sles-10-sp2-32:~ # chkconfig ntp
ntp  off
  • With insserv:
    sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # insserv -d ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  on
sles-10-sp2-32:~ # insserv -r ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  off
Actions
Copy link
 #5

Updated by Nicolas PERRON almost 13 years ago

Found it !

sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # insserv -rd ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  off
sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 1,2,3
sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  123
sles-10-sp2-32:~ # insserv -rd boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  off

Actions
Copy link
 #6

Updated by Nicolas PERRON almost 13 years ago

  • Status changed from 2 to Pending technical review
  • % Done changed from 0 to 100

Applied in changeset commit:f841b1b08ff02e6e9e24ab200d5fa7405895e79f.

Actions
Copy link
 #7

Updated by Jonathan CLARKE almost 13 years ago

  • Status changed from Pending technical review to Released
Actions
Copy link

Also available in: Atom PDF