Comments (4)
@szarkos Many thanks for your detailed analysis. I have updated https://bugzilla.redhat.com/show_bug.cgi?id=1997148 to identify how utimensat() is being called.
It seems wrong to modify a program to stop SELinux errors; it should be that the SELinux policy is updated to reflect what the program needs to do (unless of course the SELinux report identifies that the program is doing something that it shouldn't be doing). In this case however, i think that, especially given the magic code below, there is an argument for modifying keepalived as you suggest.
The magic code has an interesting comment in close_and_restore() (which is where the MAGIC_PRESERVE_ATIME functionality is):
if ((ms->flags & MAGIC_PRESERVE_ATIME) != 0) {
/*
* Try to restore access, modification times if read it.
* This is really *bad* because it will modify the status
* time of the file... And of course this will affect
* backup programs
*/
so based on this, it would seem sensible to remove MAGIC_PRESERVE_ATIME (I think where the comment refers to "status time" it means "change time").
The question is: What is the impact of no longer setting MAGIC_PRESERVE_ATIME? The answer is, I think, nothing (well almost). Once the script is executed, the atime of the script will be updated anyway, so there is no point in preserving it.
Regarding preserving atime doing nothing is not quite correct. For some reason, file's magic.c does not preserve the atime and mtime properly; even if utimes() is available, magic.c does not restore the tv_usec value for atime and mtime, and so even with MAGIC_PRESERVE_ATIME, the mtime and atime are modified by having the fractions of a second part set to 0. It seems to me that magic.c should be using utimensat() directly and setting the tv_nsec thereby ensuring that the mtime and atime remain precisely the same.
My inclination therefore is to remove MAGIC_PRESERVE_ATIME, and then the mtime and ctime fields will not be modified, and although the atime field will be (it is anyway at the moment because the tv_nsec field is set to 0), it will be modified each time the script is run, and so there is no real impact.
from keepalived.
@pqarmitage - thank you for the quick response! I agree in most cases this sort of thing should be fixed in selinux-policy, but since the RH bugzilla and PR was rejected I figured I'd see if it was fixable here.
Would you prefer that I submit a PR for this?
from keepalived.
My reading of the RedHat Bugzilla was that they wouldn't fix the problem because they couldn't identify where utimensat() was being called. Since we have now identified that and the BZ is updated accordingly, they make take some action on it.
I don't need a pull request for this, I'll push a fix later.
from keepalived.
Commit b2b6539 removes MAGIC_PRESERVE_ATIME.
from keepalived.
Related Issues (20)
- keepalived Docker Image Build Failed HOT 8
- unable to recover from split brain problem HOT 6
- Configure virtual server only on master but not on backups HOT 5
- v2.2.8: nopreempt is configured, the notify_xxx method will not be triggered. HOT 2
- One-off symlink resolution causes fragile setups on NixOS HOT 6
- Add documentation for notify script option HOT 1
- restart keepalived not work , systemd: Can't open PID file /etc/keepalived/logs/keepalived.pid (yet?) after start: No such file or directory HOT 1
- restart keepalived donot work, Can't open PID file /var/run/keepalived.pid (yet?) after start: No such file or directory HOT 1
- Need to know why both VMs became MASTER instead of a clean failover HOT 6
- Keepalived High Availability Issue: Both Nodes Selected as Master in RHOSP 16.2 Setup HOT 3
- keepalived standby not receiving advertise packets HOT 1
- keepalived can't call notify_master script timely HOT 4
- Last status of misc check sometimes not updated in keepalived_check.data HOT 5
- Do not go to FAULT state when announce link is down HOT 1
- TCP disconnection upon master switchover HOT 3
- SLAVE unknown state HOT 2
- 2.3.0 crashes if using /etc/keepalived/keepalived.conf HOT 5
- Code analysis: Buffer overflow at memcpy v2.2.8 libipvs.c HOT 1
- Code analysis: deref after free in ipwrapper.c HOT 1
- ip_total_len and received length mismatch due to padding HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keepalived.