Project

General

Profile

Actions

Bug #2127

closed

PT Services Management: Process running at boot which shouldn't be set to start on boot are still running at boot

Added by Nicolas PERRON about 13 years ago. Updated about 13 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Nicolas PERRON
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

sles-10-sp2-32:~ # chkconfig -l
...
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
...

sles-10-sp2-32:~ #/opt/rudder/sbin/cf-agent -KI
...
R: @@ServicesManagement@@result_repaired@@03c9bef3-eed5-4732-91a8-7d13442c3124@@8f5b410a-5b8c-48a8-aff1-aea13950594c@@37@@Service starting parameters@@boot.apparmor@@2011-12-12 17:08:31+01:00##f37eb9e1-141b-4740-bd64-8a5c125ef555@#boot.apparmor has been prevented to start on boot
...

sles-10-sp2-32:~ # chkconfig -l
...
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
...

OS: SLES 10 SP2 32 bits

Actions #1

Updated by Nicolas PERRON about 13 years ago

It seems that it works on SLES 11 64 bits...

Actions #2

Updated by Nicolas PERRON about 13 years ago

This PT works on SLES 10 if init script are initialized by default run level.

sles-10-sp2-32:~ # insserv -d boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  on

Indeed, after reboot boot.apparmor is loaded:

sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status
apparmor module is loaded.
10 profiles are loaded.
10 profiles are in enforce mode.
   /usr/sbin/ntpd
   /usr/sbin/identd
   /sbin/klogd
   /sbin/syslogd
   /sbin/syslog-ng
   /usr/sbin/traceroute
   /usr/sbin/nscd
   /bin/ping
   /usr/sbin/mdnsd
   /usr/sbin/named
0 profiles are in complain mode.
4 processes have profiles defined.
4 processes are in enforce mode :
   /sbin/klogd (2255) 
   /usr/sbin/ntpd (2549) 
   /sbin/syslog-ng (2251) 
   /usr/sbin/nscd (2647) 

even if boot.apparmor doesn't appear at chkconfig -l:

sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...

And if we try to disable boot.apparmor:

sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  off

After a reboot:

sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status
apparmor module is not loaded.

The problem appears if the init-script is loaded with runlevel option

sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 2,3,5
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  235
sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...
sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  235
sles-10-sp2-32:~ # chkconfig -l
Makefile                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
aaeventd                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
acpid                     0:off  1:off  2:on   3:on   4:off  5:on   6:off
apache2                   0:off  1:off  2:off  3:off  4:off  5:off  6:off
atd                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
auditd                    0:off  1:off  2:off  3:off  4:off  5:off  6:off
autofs                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
autoyast                  0:off  1:off  2:off  3:off  4:off  5:off  6:off
boot.apparmor             0:off  1:off  2:on   3:on   4:off  5:on   6:off
cron                      0:off  1:off  2:on   3:on   4:off  5:on   6:off
dbus                      0:off  1:off  2:off  3:on   4:off  5:on   6:off
earlykbd                  0:off  1:off  2:off  3:off  4:off  5:on   6:off
earlysyslog               0:off  1:off  2:off  3:off  4:off  5:on   6:off
evms                      0:off  1:off  2:off  3:off  4:off  5:off  6:off
fbset                     0:off  1:on   2:on   3:on   4:off  5:on   6:off
...
Actions #3

Updated by Jonathan CLARKE about 13 years ago

  • Status changed from New to 2
  • Assignee set to Nicolas PERRON

In the sshConfiguration PT, we worked around this using "/sbin/chkconfig --del". Have you tried this approach? It may work better.

Either way, we definitely need to fix this bug, otherwise this PT is a long way from doing what it says!

Actions #4

Updated by Nicolas PERRON about 13 years ago

chkconfig --del doesn't resolve the issue.
chkconfig -d or insserv -r remove only default runlevel.

sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 #default runlevels for ntp are 2,3,5
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # chkconfig -d ntp
ntp                       0:off  1:on   2:off  3:off  4:off  5:off  6:off
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # insserv -r ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  1

The only solution i've found is to set default runlevel in order to remove a init script from boot:

  • With chkconfig
    sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  123
    sles-10-sp2-32:~ # chkconfig ntp on
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  on
    sles-10-sp2-32:~ # chkconfig -d ntp
    ntp                       0:off  1:off  2:off  3:off  4:off  5:off  6:off
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  off
     
  • With insserv:
    sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  123
    sles-10-sp2-32:~ # insserv -d ntp
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  on
    sles-10-sp2-32:~ # insserv -r ntp
    sles-10-sp2-32:~ # chkconfig ntp
    ntp  off
    
     
Actions #5

Updated by Nicolas PERRON about 13 years ago

Found it !

sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3
sles-10-sp2-32:~ # chkconfig ntp
ntp  123
sles-10-sp2-32:~ # insserv -rd ntp
sles-10-sp2-32:~ # chkconfig ntp
ntp  off
sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 1,2,3
sles-10-sp2-32:~ # insserv -r boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  123
sles-10-sp2-32:~ # insserv -rd boot.apparmor
sles-10-sp2-32:~ # chkconfig boot.apparmor
boot.apparmor  off

Actions #6

Updated by Nicolas PERRON about 13 years ago

  • Status changed from 2 to Pending technical review
  • % Done changed from 0 to 100

Applied in changeset commit:f841b1b08ff02e6e9e24ab200d5fa7405895e79f.

Actions #7

Updated by Jonathan CLARKE about 13 years ago

  • Status changed from Pending technical review to Released
Actions

Also available in: Atom PDF