03/19/2007 lspp Meeting Minutes:
===============================
Attendees
Lawrence Wilson (IBM) - LW
George Wilson (IBM) - GW
Kris Wilson (IBM) - KEW
Loulwa Salem (IBM) - LS
Debora Velarde (IBM) - DV
Joy Latten (IBM) - JL
Kylene J Hall (IBM) - KH
Klaus Kiwi (IBM) - KK
Irina Boverman (Red Hat) - IB
Steve Grubb (Red Hat) - SG
Dan Walsh (Red Hat) - DW
Eric Paris (Red Hat) - EP
Lisa Smith (HP) - LMS
Linda Knippers (HP) - LK
Matt Anderson (HP) - MA
Paul Moore (HP) - PM
Chad Hanson (TCS) - CH
Joe Nall - JN
Agenda:
General Issues
Bug Discussion
RHEL 5+ Packages:
acl-2.2.39-2.el5
audit-1.3.1-3.el5
audit-libs-1.3.1-3.el5
audit-libs-devel-1.3.1-3.el5
audit-libs-python-1.3.1-3.el5
kernel-2.6.18-8.1.1.el5.lspp.68
kernel-devel-2.6.18-8.1.1.el5.lspp.68
kernel-doc-2.6.18-8.1.1.el5.lspp.68
libacl-2.2.39-2.el5
libacl-devel-2.2.39-2.el5
mcstrans-0.2.3-1.el5
openssh-4.3p2-18.el5
openssh-askpass-4.3p2-18.el5
openssh-clients-4.3p2-18.el5
openssh-server-4.3p2-18.el5
pam-0.99.6.2-3.17.el5
pam-devel-0.99.6.2-3.17.el5
selinux-policy-2.4.6-45.el5
selinux-policy-devel-2.4.6-45.el5
selinux-policy-mls-2.4.6-45.el5
selinux-policy-strict-2.4.6-45.el5
selinux-policy-targeted-2.4.6-45.el5
vixie-cron-4.1-66.2.el5
lspp-eal4-config-ibm-0.21-1
rbac-self-test (TBD in config RPM)
cups (New package pending)
Tracker Bug:
https://bugzilla.redhat.com/bugzilla/showdependencytree.cgi?id=224041
Query:
https://bugzilla.redhat.com/bugzilla/buglist.cgi?cmdtype=runnamed&namedcmd=RHEL%205.0%20LSPP&[EMAIL PROTECTED]
GW: any general issues before we get into bug list
LW: I was not paying attention if we discussed this earlier, do we have a
prioritization scheme on the bugs? Which ones get fixed first?
GW: not really, we are going by priority in RH bugzilla, if we decide some
are not relevant then Irena will get them out of the list, that's a good
question to bring up, thanks Larry. So any other issues?
Bug List:
231371 med med pow [EMAIL PROTECTED] ASSI LSPP: audit=0 appears not to disable
syscall auditing
GW: as far as I know, there is a patch which I did not test yet. Has it been
incorporated into a package?
EP: it's in .68, Once it's tested we'll get it off the list
231690 hig med x86 [EMAIL PROTECTED] ASSI LSPP: system hangs under audit
stress testing
EP: should be fixed in .68
LS: I am currently testing that one. We run the test and iterate over it 6
million times, so it's still running. I'll update the bug with the
result.
232967 med med All [EMAIL PROTECTED] ASSI LSPP: Add audit rule bit
operators patch
EP: This is a new bug opened couple of hours ago. The patch should show up
in .69, which is currently in our build system
231090 med med ppc [EMAIL PROTECTED] ASSI LSPP: getattr
causes python Segfault
GW: kylie had this one
SG: saw action on one of the two segfault python one.
GW: it wasn't this one I don't think.
KH: yeah, last update is what you asked me to add last week
SG: Dan is taking a look to see if that's the one he fixed with libselinux
231695 hig med ppc [EMAIL PROTECTED] ASSI LSPP: user unable to ssh to
system with user/role/level c...
LS: this is the one where we can't log in when we specify role and level.
Tomas asked for some information and I updated the bug with that this
morning
DW: Tomas he fixed the problem with not allowing to log in, however, his
patch allows you to log in at a wrong range that is out of the permitted
user range. I tried it
GW: do you have a date for the next package
SG: he maybe building one as we speak
231522 urg med ppc [EMAIL PROTECTED] ASSI [LSPP] cupsd
crash
GW: last update from Tim is "problem understood". So is there new package
coming?
SG: I'll check on that tomorrow and see status
231529 hig med All [EMAIL PROTECTED] ASSI [LSPP] bogus audit records with
cups printing
SG: need to talk to tim about that one as well
228366 nor nor All [EMAIL PROTECTED] ASSI LSPP: audit does not log obj
label for signal recipient
EP: I think Amy said she is not gonna have things in next couple of days
LK: she might have something tomorrow
EP: so we might get .69 today and .70 tomorrow.
228409 med nor All [EMAIL PROTECTED] ASSI LSPP: regular ipsec in upstream
kernel crashes
EP: hopefully that's fixed in .68, hoping to hear from Joy to see if she
sees it again
JL: before I leave today, I'll try to run stress test on latest upstream
EP: are you saying you need it fixed in upstream
JL: I never saw it in lspp kernel
EP: I'll check with Al then
SG: Al should queue patch for 2.6.10.2
EP: he was working on that today I believe
JL: but fix was in lspp.68 kernel
EP: I believe so
JL: I stressed tested the .68 and it seems fine
EP: I'll get you info on testing upstream
218386 nor nor pow [EMAIL PROTECTED] ASSI LSPP: labeled ipsec does not
work over loopback
JL: still working on that one
GW: you have date
JL: I'll have all my defects done by friday
225328 nor nor All [EMAIL PROTECTED] ASSI LSPP: ipsec drops first packet
when using IKE daemon
JL: this friday too, one of the fixes is in upstream, but there is more work
EP: are you still working on fixing multiple SAs?
JL: right, I was seeing 3 identical SAs instead of 1. The patch I sent got
rid of one of the acquire SA, but there is a second acquire. I need to
find where that one is coming from, and I'm not sure where to look
EP: do you have a good grip on it? if not, you might want to send all you
have to netdev
JL: I did, and no one responded really. I couldn't do it last week, but this
week I'm free to chase this
EP: I'll look into it
JL: I was thinking of Venkat as well, we said last week that I'll talk to
him privately and see if he can help
GW: chad, you think Venkat can help?
CH: He is working on other things, but he should be able to help.
228384 nor nor All [EMAIL PROTECTED] ASSI LSPP: audit does not log obj
label for traced process
EP: have something in .68, if someone can test and put that in there
LK: looks like Amy updated that and said she tested it
GW: you're right .. didn't see that
EP: great, I'll make it disappear
229527 med nor All [EMAIL PROTECTED] ASSI LSPP: flow cache entries remain
valid even after selinux ...
JL: Eric, I tested that but I don't have power to close RH bugs though
EP: did you update the bug
JL: would not let me do that either
EP: Ok, I'll look into that. thanks
229720 med nor All [EMAIL PROTECTED] ASSI LSPP: pfkey_spdget does not
audit xrfm policy changes
JL: working on a test program to test this one as we speak
GW: so you'll have it tested in next couple of days
JL: in next hour. I'm working on test program now
229732 med nor All [EMAIL PROTECTED] ASSI LSPP: pfkey_delete and
xfrm_del_sa audit hook is misplaced.
JL: my test program will test that one as well
230620 med nor All [EMAIL PROTECTED] ASSI LSPP:
xfrm_add_sa_expire bug
JL: that one too
230663 med nor s39 [EMAIL PROTECTED] ASSI LSPP: random problems with the
python rpm
KH: still have no idea what's going on there
GW: were we able to produce this on other hosts
KH: we produced it on both our Zseries partitions
GW: sounds like it's not environment dependent, what can we do to speed it?
SG: Jeremy is back. I'll talk to him. It might be worth retrying this on .69
kernel. I was getting random strange things before due to the slab
corruption. Is there anything in dmesg about slab corruptions
KH: wasn't checking, I'll try to watch out for that
SG: try the .69 which should come out soon.
223532 nor nor All [EMAIL PROTECTED] ASSI [LSPP] crontab manpages
reference older environment variable
GW: this was a document thing
EP: did an updated crontab rpm get pushed in lspp repo?
SG: updated crontab packages are not there
EP: ok, because I got the one out of the repo and it still had this doc bug
in it
228107 nor nor All [EMAIL PROTECTED] ASSI [LSPP] Labels for labeled
printing don't linewrap
MA: I was still having problems with landscape. I am taking a different
approach and it seems to be dealing with landscape much better. I needed
to change way label is passed between cups and filter so that the filter
knows this is an lspp specific label instead of generic label. should be
out in next day or so
GW: ok, thanks
229673 urg nor All [EMAIL PROTECTED] ASSI [LSPP] cups is overriding mls
when querying jobs with lpq -al
LK: that one had a patch submitted few weeks ago
GW: yup 2/26, so we are just waiting on package
MA: tim has patch for next one
GW: yup would be ...
MA: I am waiting on .. That is probably on same state as the other one, just
needs a package to be built
SG: he was waiting for feedback on that one, to try a rawhide rpm I think
MA: oh, it's build in the rawhide package. I can try that
SG: yeah, just update the bugzilla to let me know what's the status
GW: yeah anytime there is status update, just update the bugzilla so that we
keep track of everything
230613 urg nor All [EMAIL PROTECTED] ASSI [LSPP] cups is allowing users to
delete other user's job
232705 hig hig All [EMAIL PROTECTED] NEW LSPP: getting slab corruption
messages
SG: after .69 is out I'll test it and mark as duplicate of 223919
EP: are you sure steve? I thought that was a different one
LK: are you gonna post the patch?
SG: Al posted patch today morning on linux-audit
232229 hig med i38 [EMAIL PROTECTED] NEW [LSPP] Python segfaults with
'getfilecon' in i386
232508 nor med All [EMAIL PROTECTED] NEW LSPP: racoon segfaults between a
64bit platfom and a 32 b...
EP: This has a patch from Joy I believe
JL: I stress tested over the weekend and everything so far looks ok
SG: I'll see if I can get something going on that one overnight
GW: The patch is a link to the mailing list
JL: yeah, I posted it there but no one payed attention to it
GW: is it better to attach the patch directly to the bug, or is the link to
the mailing list posting ok Steve?
SG: would be better to attach the patch directly
GW: can you do that joy
JL: yes
232524 med med All [EMAIL PROTECTED] NEW LSPP: the audit record for
ipsec when printing ipv6 addre...
JL: that's a patch with a space. I forgot to add a space between source and
destination fields. It's a very minor patch but should make our testing
better. I'll include it in another patch maybe
EP: Joy, I don't care if it's a link to upstream
231178 urg med s39 [EMAIL PROTECTED] NEW LSPP: setfattr
Segfaults on s390x
GW: kylie verified package was correct
KH: packages does not have setfattr command, it seems it's corrupted. Selina
tried to build from source and she couldn't get it to work either.
GW: seems there is a problem with the s390 build environment
SG: might be slab corruption as well
KH: ok, I'll test with .69 once it comes out
223840 hig nor All [EMAIL PROTECTED] NEW [LSPP] getfacl fails to
correctly display all information...
KK: I updated this one
EP: I'll get this one on it's way
GW: looks good, we'll get more testing. Any other issues?
KH: I thought debora was gonna open a bug about readlink_at not putting
object label in there
DV: I need to look into that as well
KH: I see that as well on x390. Another issue is that when I create tunnel
devices on x86_64 and I try to remove them later with semanage I get
left over info (in /etc/selinux/mls/modules/active). The entry in
nodes.local is remaining
EP: do you mean policy or network interface
KH: I'm talking about network interface
JL: we don't see anything removed from nodes.local file, and on deletion the
info is not removed
DW: report it as a bug and I'll take a look at it.
GW: any other issues.
KK: there is a problem with the context change when using semanage
GW: I remember Lou had a problem like that before
LS: yeah, I never opened a bug because I was not able to reproduce it. I had
talked to Dan about this but it stopped happening. Are you still seeing
it Klaus?
KK: Camilo was seeing that problem, but he was using old code
LS: Once I updated, I stopped seeing it, so it might be he just needs to
update as well.
KH: did we skip the bug about getxattr on s390
DW: we can ping Jeremy about it
LW: last week there was mentioning of getting a target date of the 23, is
that still the date
GW: yeah, we agreed on that, we are still driving to that date and we will
shut down everything as fast as we can by then or soon after. This
brings up the issue of how realistic we can achieve that with bugs like
the slab corruption and memory leak.
SG: sounds like most of the bugs either need verifying or are fixed and need
to be pushed to repo. And some of them should be fixed by the slab
corruption fix.
EP: Steve, we need to be careful about those bugs we are blaming on the slab
corruption, the slab issue appeared after .65, so anything before that
we can't blame them on it
GW: we are hoping we will get the bugs tested and verified as soon as
possible. and we want to try to contain the re-spin bugs that will cause
us to retest
SG: there are some bugs that we can't put into lspp yet
GW: do you have date on that?
SG: I'll get you a date. as far as lspp testing you don't need that
GW: we are hoping to enter formal testing though and so is HP I believe. So
should we put a new dates then?
SG: not sure, I'll have to see when the bugs go public
GW: we have to shut down everything before we start formal test because any
changes to the packages will cause retesting which will delay everyone
and we would like to avoid that. Any other issues? Ok thanks everyone,
we'll adjourn.
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
