RHEL-96074

PCS RPM should not distribute empty /var/(log|lib)/pcsd directories [rhel-10]


    • pcs-0.12.1-1.el10
    • Low
    • rhel-ha
    • Release Note Not Required

      What were you trying to do that didn't work?

      bootc (RHEL image mode) linter reports missing systemd tmpfiles.d entries for pcs's installed /var/lib/pcsd and /var/log/pcsd directories:

      $ bootc container lint --no-truncate
      Lint warning: var-tmpfiles: Found content in /var missing systemd tmpfiles.d entries:
        L /var/lib/unbound/root.key - - - - ../../../etc/unbound/dnssec-root.key
        d /var/lib/corosync 0755 root root - -
        d /var/lib/dnf 0755 root root - -
        d /var/lib/net-snmp 0755 root root - -
        d /var/lib/net-snmp/cert_indexes 0755 root root - -
        d /var/lib/net-snmp/mib_indexes 0755 root root - -
        d /var/lib/pacemaker 0750 hacluster haclient - -
        d /var/lib/pacemaker/blackbox 0750 hacluster haclient - -
        d /var/lib/pacemaker/cib 0750 hacluster haclient - -
        d /var/lib/pacemaker/cores 0750 hacluster haclient - -
        d /var/lib/pacemaker/pengine 0750 hacluster haclient - -
        d /var/lib/pcsd 0700 root root - -
        d /var/lib/sepolgen 0755 root root - -
        d /var/lib/unbound 0755 unbound unbound - -
        d /var/log/cluster 0755 root root - -
        d /var/log/pacemaker 0770 hacluster haclient - -
        d /var/log/pacemaker/bundles 0770 hacluster haclient - -
        d /var/log/pcsd 0700 root root - -
      Found non-directory/non-symlink files in /var:
        var/lib/rhsm/repo_server_val/redhat.repo
        var/lib/rhsm/productid.js
        var/lib/rhsm/cache/productid_repo_mapping.json
        var/lib/dnf/history.sqlite
        var/lib/dnf/history.sqlite-wal
        var/lib/dnf/history.sqlite-shm
        var/lib/sepolgen/perm_map
        var/cache/ldconfig/aux-cache
      Checks passed: 11
      Checks skipped: 1
      Warnings: 1
      

      What is the impact of this issue to you?

      The linter describes the issue as:

      Check for content in /var that does not have corresponding systemd tmpfiles.d entries.
      This can cause a problem across upgrades because content in /var from the container
      image will only be applied on the initial provisioning.
      
      Instead, it's recommended to have /var effectively empty in the container image,
      and use systemd tmpfiles.d to generate empty directories and compatibility symbolic links
      as part of each boot.
      

      Please provide the package NVR for which the bug is seen:

      pcs-0.12.0-5.el10

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. build a RHEL bootc image with the pcs package included
      2. run `bootc container lint --no-truncate`

      Expected results

      no issue reported for content belonging to the pcs package

      Actual results

      missing tmpfiles.d entry reported for /var/lib/pcsd and /var/log/pcsd

              mmazoure Michal Mazourek
              rhn-support-phagara Patrik Hagara
              Miroslav Lisik
              Michal Pospisil Michal Pospisil
              Michal Mazourek Michal Mazourek
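
The lint output in the report is already in tmpfiles.d syntax, so the entries for one package can be lifted out of it directly. The script below is an added example, not code from this report or from the pcs or bootc projects: it filters the var-tmpfiles section for one package's directories and flags any directory mode open to other users. The function names, the sample excerpt and the `pcsd.conf` file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the pcs or bootc projects).

# Constructed sample: an excerpt of the lint output quoted in this report.
sample_lint_output() {
cat <<'EOF'
Lint warning: var-tmpfiles: Found content in /var missing systemd tmpfiles.d entries:
  d /var/lib/corosync 0755 root root - -
  d /var/lib/pacemaker 0750 hacluster haclient - -
  d /var/lib/pcsd 0700 root root - -
  d /var/log/pacemaker 0770 hacluster haclient - -
  d /var/log/pcsd 0700 root root - -
Found non-directory/non-symlink files in /var:
  var/lib/dnf/history.sqlite
Checks passed: 11
EOF
}

# lint_to_tmpfiles NAME: read lint output on stdin and print the suggested
# entries for /var/lib/NAME and /var/log/NAME, including anything below them.
lint_to_tmpfiles() {
    awk -v name="$1" '
        /Found content in \/var missing systemd tmpfiles.d entries:/ { in_sec = 1; next }
        # Assumption: entries are indented, so an unindented line ends the list.
        in_sec && /^[^ ]/ { in_sec = 0 }
        in_sec && NF == 7 && ($1 == "d" || $1 == "L") {
            # Leading slash makes p[1] empty: p[2]=var, p[3]=lib|log, p[4]=NAME.
            n = split($2, p, "/")
            if (n >= 4 && p[2] == "var" && (p[3] == "lib" || p[3] == "log") && p[4] == name)
                print $1, $2, $3, $4, $5, $6, $7
        }
    '
}

# other_accessible: read tmpfiles.d lines on stdin and print the path of each
# "d" entry whose mode grants any permission to users outside owner and group.
other_accessible() {
    awk '$1 == "d" && substr($3, length($3)) != "0" { print $2 }'
}

# Entries to carry into a fragment such as /usr/lib/tmpfiles.d/pcsd.conf
# (hypothetical file name); both keep the 0700 root-only mode.
sample_lint_output | lint_to_tmpfiles pcsd
```

Piping the real `bootc container lint --no-truncate` output into `lint_to_tmpfiles` in place of the sample gives the same result for an actual image build.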