[OpenAFS-devel] openafs hangs on shutdown with selinux (caused by callback expiration via umount?)

Derrick Brashear shadow@gmail.com
Thu, 3 Jan 2008 09:35:18 -0500 

------=_Part_7441_21777439.1199370918368
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Jan 3, 2008 12:27 AM, Russ Allbery <rra@stanford.edu> wrote:

> Christopher Allen Wing <wingc@umich.edu> writes:
> > On Wed, 2 Jan 2008, Jim Rees wrote:
>
> >> What does the policy say exactly?  No network traffic during shutdown,
> >> or that the traffic is being generated in the wrong context?
>
> > The umount binary runs in a security context called 'mount_t'.  My
> > understanding is that the mount_t context is being restricted from doing
> > network I/O, or from doing certain types of network I/O.
>
> The Debian init script first calls afsd -shutdown and then calls umount.
> I see that the Red Hat init script in the packaging directory doesn't do
> this.  I wonder if it would help.
>

Actually, the correct order is
umount /afs
afsd -shutdown
rmmod

any other order may not work, and may in fact explicitly not work as the
module tries to make it not work.

likewise, on some platforms you may not need afsd -shutdown; if you don't,
calling it again is harmless.

------=_Part_7441_21777439.1199370918368
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div class="gmail_quote">On Jan 3, 2008 12:27 AM, Russ Allbery &lt;<a href="mailto:rra@stanford.edu">rra@stanford.edu</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Christopher Allen Wing &lt;<a href="mailto:wingc@umich.edu">wingc@umich.edu</a>&gt; writes:<br>&gt; On Wed, 2 Jan 2008, Jim Rees wrote:<br><br></div><div class="Ih2E3d">&gt;&gt; What does the policy say exactly? &nbsp;No network traffic during shutdown,
<br>&gt;&gt; or that the traffic is being generated in the wrong context?<br><br>&gt; The umount binary runs in a security context called &#39;mount_t&#39;. &nbsp;My<br>&gt; understanding is that the mount_t context is being restricted from doing
<br>&gt; network I/O, or from doing certain types of network I/O.<br><br></div>The Debian init script first calls afsd -shutdown and then calls umount.<br>I see that the Red Hat init script in the packaging directory doesn&#39;t do
<br>this. &nbsp;I wonder if it would help.<br><font color="#888888"></font></blockquote><div><br>Actually, the correct order is<br>umount /afs<br>afsd -shutdown<br>rmmod<br><br>any other order may not work, and may in fact explicitly not work as the module tries to make it not work. 
<br><br>likewise, on some platforms you may not need afsd -shutdown; if you don&#39;t, calling it again is harmless.<br><br></div></div><br>

------=_Part_7441_21777439.1199370918368--