Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filtering out non-admin user reports #494

Open
paulraines68 opened this issue Jun 15, 2017 · 7 comments
Open

Filtering out non-admin user reports #494

paulraines68 opened this issue Jun 15, 2017 · 7 comments
Labels
documentation
Projects
Issue review

Comments

@paulraines68
Copy link

I am trying to ignore reports from abrt for non-admin users (uid > 999) and created the file
/etc/libreport/events.d/abrt_ignore_users.conf

EVENT=post-create
        if [ -f uid ] ; then
          if [ "`cat uid`" -gt 999 ] ; then
            echo "ABRT_IGNORE for nonadmin users"
            exit 1
          fi
        fi

however it is not working and I still get CCpp reports when a user with uid > 999 has a program fault

What am I doing wrong?
@mhabrnal
Copy link
Contributor

It works for me on Fedora 26.
See logs from journal:

Jun 16 11:21:09 localhost.localdomain systemd-coredump[18446]: Process 18444 (will_abort) of user 1000 dumped core.
                                                               
                                                               Stack trace of thread 18444:
                                                               #0  0x00007f53eb48e64b raise (libc.so.6)
                                                               #1  0x00007f53eb490450 abort (libc.so.6)
                                                               #2  0x000055d608cc0d1d a (will_abort)
                                                               #3  0x000055d608cc0d10 a (will_abort)
                                                               #4  0x000055d608cc0d10 a (will_abort)
                                                               #5  0x000055d608cc0d10 a (will_abort)
                                                               #6  0x000055d608cc0d10 a (will_abort)
                                                               #7  0x000055d608cc0d10 a (will_abort)
                                                               #8  0x000055d608cc0d10 a (will_abort)
                                                               #9  0x000055d608cc0d10 a (will_abort)
                                                               #10 0x000055d608cc0d10 a (will_abort)
                                                               #11 0x000055d608cc0d10 a (will_abort)
                                                               #12 0x000055d608cc0d10 a (will_abort)
                                                               #13 0x000055d608cc0b86 main (will_abort)
                                                               #14 0x00007f53eb4784da __libc_start_main (libc.so.6)
                                                               #15 0x000055d608cc0bea _start (will_abort)
Jun 16 11:21:09 localhost.localdomain abrt-server[18467]: ABRT_IGNORE for nonadmin users
Jun 16 11:21:09 localhost.localdomain abrt-server[18467]: 'post-create' on '/var/spool/abrt/ccpp-2017-06-16-11:21:09.726816-18444' exited with 1
Jun 16 11:21:09 localhost.localdomain abrt-server[18467]: Deleting problem directory '/var/spool/abrt/ccpp-2017-06-16-11:21:09.726816-18444'

What system are you using?

@paulraines68
Copy link
Author

I have a CentOS 7.3 system.

It does seem to work in most cases. It seemed to not work when I had a multiple processes SIGBUS at once. So this will probably be rare and not worth pursuing.

Jun 15 10:12:11 tianshu abrt-hook-ccpp: Process 17784 (tracker-miner-user-guides) of user 3701206 killed by SIGBUS - dumping core
Jun 15 10:12:12 tianshu abrt-hook-ccpp: Process 17728 (tracker-miner-fs) of user 3701206 killed by SIGBUS - dumping core
Jun 15 10:12:12 tianshu abrt-hook-ccpp: Process 17708 (tracker-miner-apps) of user 3701206 killed by SIGBUS - dumping core
Jun 15 10:12:12 tianshu abrt-server: Duplicate: core backtrace
Jun 15 10:12:12 tianshu abrt-server: DUP_OF_DIR: /var/spool/abrt/ccpp-2017-06-15-10:12:12-17728
Jun 15 10:12:12 tianshu abrt-server: Deleting problem directory ccpp-2017-06-15-10:12:11-17784 (dup of ccpp-2017-06-15-10:12:12-17728)
Jun 15 10:12:12 tianshu abrt-hook-ccpp: Process 17724 (tracker-extract) of user 3701206 killed by SIGBUS - dumping core
Jun 15 10:12:12 tianshu abrt-server: Email address of sender was not specified. Would you like to do so now? If not, 'user@localhost' is to be used [y/N]
Jun 15 10:12:12 tianshu abrt-server: Undefined variable outside of [[ ]] bracket
Jun 15 10:12:12 tianshu abrt-server: Sending an email...
Jun 15 10:12:12 tianshu abrt-server: Sending a notification email to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:13 tianshu abrt-server: Email was sent to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:13 tianshu abrt-server: Duplicate: core backtrace
Jun 15 10:12:13 tianshu abrt-server: DUP_OF_DIR: /var/spool/abrt/ccpp-2017-06-15-10:12:12-17724
Jun 15 10:12:13 tianshu abrt-server: Deleting problem directory ccpp-2017-06-15-10:12:12-17728 (dup of ccpp-2017-06-15-10:12:12-17724)
Jun 15 10:12:13 tianshu abrt-server: Email address of sender was not specified. Would you like to do so now? If not, 'user@localhost' is to be used [y/N]
Jun 15 10:12:13 tianshu abrt-server: Undefined variable outside of [[ ]] bracket
Jun 15 10:12:13 tianshu abrt-server: Sending an email...
Jun 15 10:12:13 tianshu abrt-server: Sending a notification email to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:13 tianshu abrt-server: Email was sent to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:13 tianshu abrt-server: Duplicate: core backtrace
Jun 15 10:12:13 tianshu abrt-server: DUP_OF_DIR: /var/spool/abrt/ccpp-2017-06-15-10:12:12-17724
Jun 15 10:12:13 tianshu abrt-server: Deleting problem directory ccpp-2017-06-15-10:12:12-17708 (dup of ccpp-2017-06-15-10:12:12-17724)
Jun 15 10:12:13 tianshu abrt-server: Email address of sender was not specified. Would you like to do so now? If not, 'user@localhost' is to be used [y/N]
Jun 15 10:12:13 tianshu abrt-server: Undefined variable outside of [[ ]] bracket
Jun 15 10:12:13 tianshu abrt-server: Sending an email...
Jun 15 10:12:13 tianshu abrt-server: Sending a notification email to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:14 tianshu abrt-server: Email was sent to: alert@nmr.mgh.harvard.edu
Jun 15 10:12:14 tianshu abrt-server: ABRT_IGNORE for nonadmin users
Jun 15 10:12:14 tianshu abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2017-06-15-10:12:12-17724' exited with 1
Jun 15 10:12:14 tianshu abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2017-06-15-10:12:12-17724'

I added the exact same rule under EVENT=notify and restarted abrtd to see if that helps

Thanks

@paulraines68
Copy link
Author

Well, now I am really confused. On this machine on single event I see it ignored

Jun 15 18:30:23 topaz abrt-hook-ccpp: Process 12841 (gnome-session-failed) of user 3935749 killed by SIGTRAP - dumping core
Jun 15 18:30:24 topaz abrt-server: ABRT_IGNORE for nonadmin users
Jun 15 18:30:24 topaz abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2017-06-15-18:30:23-12841' exited with 1
Jun 15 18:30:24 topaz abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2017-06-15-18:30:23-12841'

but hours later one is not ignored

Jun 16 09:26:24 topaz kernel: mate-panel[27173]: segfault at 6 ip 00007f934d9c3465 sp 00007ffc9b1a7fd8 error 4 in libgobject-2.0.so.0.4600.2[7f934d991000+4e000]
Jun 16 09:26:24 topaz abrt-hook-ccpp: Process 27173 (mate-panel) of user 3935749 killed by SIGSEGV - dumping core
Jun 16 09:26:25 topaz abrt-server: Duplicate: core backtrace
Jun 16 09:26:25 topaz abrt-server: DUP_OF_DIR: /var/spool/abrt/ccpp-2017-06-05-14:49:59-10434
Jun 16 09:26:25 topaz abrt-server: Deleting problem directory ccpp-2017-06-16-09:26:24-27173 (dup of ccpp-2017-06-05-14:49:59-10434)
Jun 16 09:26:25 topaz abrt-server: Email address of sender was not specified. Would you like to do so now? If not, 'user@localhost' is to be used [y/N]
Jun 16 09:26:25 topaz abrt-server: Undefined variable outside of [[ ]] bracket
Jun 16 09:26:25 topaz abrt-server: Sending an email...
Jun 16 09:26:25 topaz abrt-server: Sending a notification email to: alert@nmr.mgh.harvard.edu
Jun 16 09:26:25 topaz abrt-server: Email was sent to: alert@nmr.mgh.harvard.edu
Jun 16 09:26:25 topaz /usr/bin/x2goumount-session[18289]: successfully unmounted "/tmp/.x2go-ah221/spool/C-ah221-51-1497584978_stDMATE_dp32"

Is it because the second one is a DUP? How do I suppress notification on DUPs for non-admin users?

@jfilak
Copy link
Contributor

jfilak commented Jun 19, 2017

There might be a problem with a race condition. You need to ensure abrtd executes your as the first post-create event. Unfortunately, it is not an easy task - see #325 - but adding the "01" prefix to the file name should help.

@xsuchy
Copy link
Member

xsuchy commented Apr 9, 2020

Is there still something to be resolved?

@xsuchy xsuchy added this to Needs triage in Issue review via automation Apr 9, 2020
@xsuchy xsuchy moved this from Needs triage to Yes in Issue review Apr 14, 2020
@xsuchy
Copy link
Member

xsuchy commented Apr 14, 2020

We will try to reproduce it.

@paulraines68
Copy link
Author

I ended up creating a cron job on all my machines to just remove all dirs in /var/spool/abrt where username is not root. So I don't know if it is still happening on DUPs. The other issue of just preventing any abrt being written for non-root users in the first place would essentially solve this for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
Issue review
  
Yes
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xsuchy @jfilak @paulraines68 @mhabrnal