Actions
Bug #2127
closed
PT Services Management: Process running at boot which shouldn't be set to start on boot are still running at boot
Added by Nicolas PERRON over 12 years ago. Updated over 12 years ago.
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
sles-10-sp2-32:~ # chkconfig -l ... boot.apparmor 0:off 1:off 2:on 3:on 4:off 5:on 6:off ...
sles-10-sp2-32:~ #/opt/rudder/sbin/cf-agent -KI ... R: @@ServicesManagement@@result_repaired@@03c9bef3-eed5-4732-91a8-7d13442c3124@@8f5b410a-5b8c-48a8-aff1-aea13950594c@@37@@Service starting parameters@@boot.apparmor@@2011-12-12 17:08:31+01:00##f37eb9e1-141b-4740-bd64-8a5c125ef555@#boot.apparmor has been prevented to start on boot ...
sles-10-sp2-32:~ # chkconfig -l ... boot.apparmor 0:off 1:off 2:on 3:on 4:off 5:on 6:off ...
OS: SLES 10 SP2 32 bits
Updated by Nicolas PERRON over 12 years ago
It seems that it works on SLES 11 64 bits...
Updated by Nicolas PERRON over 12 years ago
This PT works on SLES 10 if init script are initialized by default run level.
sles-10-sp2-32:~ # insserv -d boot.apparmor sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor on
Indeed, after reboot boot.apparmor is loaded:
sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status apparmor module is loaded. 10 profiles are loaded. 10 profiles are in enforce mode. /usr/sbin/ntpd /usr/sbin/identd /sbin/klogd /sbin/syslogd /sbin/syslog-ng /usr/sbin/traceroute /usr/sbin/nscd /bin/ping /usr/sbin/mdnsd /usr/sbin/named 0 profiles are in complain mode. 4 processes have profiles defined. 4 processes are in enforce mode : /sbin/klogd (2255) /usr/sbin/ntpd (2549) /sbin/syslog-ng (2251) /usr/sbin/nscd (2647)
even if boot.apparmor doesn't appear at chkconfig -l:
sles-10-sp2-32:~ # chkconfig -l Makefile 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off aaeventd 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:on 3:on 4:off 5:on 6:off apache2 0:off 1:off 2:off 3:off 4:off 5:off 6:off atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off auditd 0:off 1:off 2:off 3:off 4:off 5:off 6:off autofs 0:off 1:off 2:off 3:on 4:off 5:on 6:off autoyast 0:off 1:off 2:off 3:off 4:off 5:off 6:off cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off dbus 0:off 1:off 2:off 3:on 4:off 5:on 6:off earlykbd 0:off 1:off 2:off 3:off 4:off 5:on 6:off earlysyslog 0:off 1:off 2:off 3:off 4:off 5:on 6:off evms 0:off 1:off 2:off 3:off 4:off 5:off 6:off fbset 0:off 1:on 2:on 3:on 4:off 5:on 6:off ...
And if we try to disable boot.apparmor:
sles-10-sp2-32:~ # insserv -r boot.apparmor sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor off
After a reboot:
sles-10-sp2-32:~ # /etc/init.d/boot.apparmor status apparmor module is not loaded.
The problem appears if the init-script is loaded with runlevel option
sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 2,3,5 sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor 235 sles-10-sp2-32:~ # chkconfig -l Makefile 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off aaeventd 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:on 3:on 4:off 5:on 6:off apache2 0:off 1:off 2:off 3:off 4:off 5:off 6:off atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off auditd 0:off 1:off 2:off 3:off 4:off 5:off 6:off autofs 0:off 1:off 2:off 3:on 4:off 5:on 6:off autoyast 0:off 1:off 2:off 3:off 4:off 5:off 6:off boot.apparmor 0:off 1:off 2:on 3:on 4:off 5:on 6:off cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off dbus 0:off 1:off 2:off 3:on 4:off 5:on 6:off earlykbd 0:off 1:off 2:off 3:off 4:off 5:on 6:off earlysyslog 0:off 1:off 2:off 3:off 4:off 5:on 6:off evms 0:off 1:off 2:off 3:off 4:off 5:off 6:off fbset 0:off 1:on 2:on 3:on 4:off 5:on 6:off ... sles-10-sp2-32:~ # insserv -r boot.apparmor sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor 235 sles-10-sp2-32:~ # chkconfig -l Makefile 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off aaeventd 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:on 3:on 4:off 5:on 6:off apache2 0:off 1:off 2:off 3:off 4:off 5:off 6:off atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off auditd 0:off 1:off 2:off 3:off 4:off 5:off 6:off autofs 0:off 1:off 2:off 3:on 4:off 5:on 6:off autoyast 0:off 1:off 2:off 3:off 4:off 5:off 6:off boot.apparmor 0:off 1:off 2:on 3:on 4:off 5:on 6:off cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off dbus 0:off 1:off 2:off 3:on 4:off 5:on 6:off earlykbd 0:off 1:off 2:off 3:off 4:off 5:on 6:off earlysyslog 0:off 1:off 2:off 3:off 4:off 5:on 6:off evms 0:off 1:off 2:off 3:off 4:off 5:off 6:off fbset 0:off 1:on 2:on 3:on 4:off 5:on 6:off ...
Updated by Jonathan CLARKE over 12 years ago
- Status changed from New to 2
- Assignee set to Nicolas PERRON
In the sshConfiguration PT, we worked around this using "/sbin/chkconfig --del". Have you tried this approach? It may work better.
Either way, we definitely need to fix this bug, otherwise this PT is a long way from doing what it says!
Updated by Nicolas PERRON over 12 years ago
chkconfig --del doesn't resolve the issue.
chkconfig -d or insserv -r remove only default runlevel.
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 #default runlevels for ntp are 2,3,5 sles-10-sp2-32:~ # chkconfig ntp ntp 123 sles-10-sp2-32:~ # chkconfig -d ntp ntp 0:off 1:on 2:off 3:off 4:off 5:off 6:off sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 sles-10-sp2-32:~ # chkconfig ntp ntp 123 sles-10-sp2-32:~ # insserv -r ntp sles-10-sp2-32:~ # chkconfig ntp ntp 1
The only solution i've found is to set default runlevel in order to remove a init script from boot:
- With chkconfig
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 sles-10-sp2-32:~ # chkconfig ntp ntp 123 sles-10-sp2-32:~ # chkconfig ntp on sles-10-sp2-32:~ # chkconfig ntp ntp on sles-10-sp2-32:~ # chkconfig -d ntp ntp 0:off 1:off 2:off 3:off 4:off 5:off 6:off sles-10-sp2-32:~ # chkconfig ntp ntp off
- With insserv:
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 sles-10-sp2-32:~ # chkconfig ntp ntp 123 sles-10-sp2-32:~ # insserv -d ntp sles-10-sp2-32:~ # chkconfig ntp ntp on sles-10-sp2-32:~ # insserv -r ntp sles-10-sp2-32:~ # chkconfig ntp ntp off
Updated by Nicolas PERRON over 12 years ago
Found it !
sles-10-sp2-32:~ # chkconfig ntp on --level 1,2,3 sles-10-sp2-32:~ # chkconfig ntp ntp 123 sles-10-sp2-32:~ # insserv -rd ntp sles-10-sp2-32:~ # chkconfig ntp ntp off sles-10-sp2-32:~ # chkconfig boot.apparmor on --level 1,2,3 sles-10-sp2-32:~ # insserv -r boot.apparmor sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor 123 sles-10-sp2-32:~ # insserv -rd boot.apparmor sles-10-sp2-32:~ # chkconfig boot.apparmor boot.apparmor off
Updated by Nicolas PERRON over 12 years ago
- Status changed from 2 to Pending technical review
- % Done changed from 0 to 100
Applied in changeset commit:f841b1b08ff02e6e9e24ab200d5fa7405895e79f.
Updated by Jonathan CLARKE over 12 years ago
- Status changed from Pending technical review to Released
Actions