[Open-scap] OpenSCAP Error, Missing Library?

Anthony Davis Anthony.Davis at bbc.co.uk
Mon Apr 22 11:50:41 UTC 2013 

Hi,

Sorry for the delay. So the output below is using  strace -r -f -p `pidof oscap tog rab the strace info, I have copied and pasted, from where the process starts and where it hangs, but that is all the information it gives me:

So process 3218 is checking the rule before and this seems to work fine, it just hits the next rule and hangs...


[pid  3088]      0.000107 writev(5, [{"(#d8:seap.msg#d3::id#d7((#d15:pa"..., 151}], 1) = 151
[pid  3088]      0.000121 wait4(3101, 0x7fff68c44ffc, WNOHANG, NULL) = 0
[pid  3088]      0.000073 select(6, [5], NULL, NULL, NULL <unfinished ...>
[pid  3218]      0.000051 <... writev resumed> ) = 49
[pid  3218]      0.000063 _exit(0)      = ?
Process 3218 detached
[pid  3088]      0.002164 <... select resumed> ) = 1 (in [5])
[pid  3088]      0.000100 wait4(3101, 0x7fff68c4508c, WNOHANG, NULL) = 0
[pid  3088]      0.000082 read(5, "(#d8:seap.msg#d3::id#d7#d9::repl"..., 16384) = 4025
[pid  3088]      0.001026 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid  3088]      0.000269 write(1, "\33[32mpass\33[0m\n", 14) = 14
[pid  3088]      0.000555 write(1, "\n", 1) = 1
[pid  3088]      0.000421 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid  3088]      0.000225 write(1, "Rule ID:\r\t\t\33[1mSV-37379r1_rule\33["..., 37) = 37
[pid  3088]      0.000180 write(1, "Title:\r\t\tAll interactive user ho"..., 91) = 91
[pid  3088]      0.000161 write(1, "Result:\r\t\t", 10) = 10
[pid  3088]      0.000425 wait4(3101, 0x7fff68c43cfc, WNOHANG, NULL) = 0
[pid  3088]      0.000155 writev(5, [{"(#d8:seap.msg#d3::id#d8((#d15:pa"..., 242}], 1) = 242
[pid  3088]      0.000110 wait4(3101, 0x7fff68c43bfc, WNOHANG, NULL) = 0
[pid  3088]      0.000072 select(6, [5], NULL, NULL, NULL) = 1 (in [5])
[pid  3088]      0.000870 wait4(3101, 0x7fff68c43c8c, WNOHANG, NULL) = 0
[pid  3088]      0.000115 read(5, "(#d8:seap.cmd#d3::id#d2#d6::clas"..., 16384) = 104
[pid  3088]      0.000343 wait4(3101, 0x7fff68c4255c, WNOHANG, NULL) = 0
[pid  3088]      0.000149 writev(5, [{"(#d8:seap.msg#d3::id#d9#d8:no-re"..., 234}], 1) = 234
[pid  3088]      0.000136 wait4(3101, 0x7fff68c4245c, WNOHANG, NULL) = 0
[pid  3088]      0.000071 select(6, [5], NULL, NULL, NULL) = 1 (in [5])
[pid  3088]      0.000356 wait4(3101, 0x7fff68c424ec, WNOHANG, NULL) = 0
[pid  3088]      0.000072 read(5, "(#d8:seap.cmd#d3::id#d3#d6::clas"..., 16384) = 100
[pid  3088]      0.000248 wait4(3101, 0x7fff68c4246c, WNOHANG, NULL) = 0
[pid  3088]      0.000115 writev(5, [{"(#d8:seap.cmd#d3::id#d2#d9::repl"..., 276}], 1) = 276
[pid  3088]      0.002415 wait4(3101, 0x7fff68c4245c, WNOHANG, NULL) = 0
[pid  3088]      0.001036 select(6, [5], NULL, NULL, NULL) = 1 (in [5])
[pid  3088]      0.000880 wait4(3101, 0x7fff68c424ec, WNOHANG, NULL) = 0
[pid  3088]      0.000724 read(5, "(#d8:seap.msg#d3::id#d8#d9::repl"..., 16384) = 42
[pid  3088]      0.000603 wait4(3101, 0x7fff68c43c0c, WNOHANG, NULL) = 0
[pid  3088]      0.000462 writev(5, [{"(#d8:seap.cmd#d3::id#d3#d9::repl"..., 126}], 1) = 126
[pid  3088]      0.000274 wait4(3101, 0x7fff68c43bfc, WNOHANG, NULL) = 0
[pid  3088]      0.000042 select(6, [5], NULL, NULL, NULL) = 1 (in [5])
[pid  3088]      0.000822 wait4(3101, 0x7fff68c43c8c, WNOHANG, NULL) = 0
[pid  3088]      0.000042 read(5, "(#d8:seap.msg#d3::id#d9#d9::repl"..., 16384) = 4025
[pid  3088]      0.000875 wait4(3109, 0x7fff68c450fc, WNOHANG, NULL) = 0
[pid  3088]      0.000133 writev(6, [{"(#d8:seap.msg#d3::id#d47((#d11:f"..., 534}], 1) = 534
[pid  3088]      0.000066 wait4(3109, 0x7fff68c44ffc, WNOHANG, NULL) = 0
[pid  3088]      0.000046 select(7, [6], NULL, NULL, NULL

Kind Regards

Tony
________________________________________
From: open-scap-list-bounces at redhat.com [open-scap-list-bounces at redhat.com] on behalf of Przemek Klosowski [przemek.klosowski at nist.gov]
Sent: 19 April 2013 16:45
Cc: open-scap-list at redhat.com
Subject: Re: [Open-scap] OpenSCAP Error, Missing Library?

On 04/19/2013 05:11 AM, Anthony Davis wrote:

> The rule it hangs on:
> Rule ID:        SV-37379r1_rule
> Title:          All interactive user home directories defined in the /etc/passwd file must exist.
> Result:
>
> strace output:
>
> write(1, "Rule ID:\r\t\t\33[1mSV-37379r1_rule\33["..., 37) = 37
> write(1, "Title:\r\t\tAll interactive user ho"..., 91) = 91
> write(1, "Result:\r\t\t", 10)           = 10

>  wait4(13305, 0x7fff2584379c, WNOHANG, NULL) = 0
> writev(5, [{"(#d8:seap.msg#d3::id#d8((#d15:pa"..., 242}], 1) = 242
>  wait4(13305, 0x7fff2584369c, WNOHANG, NULL) = 0
>   select(6, [5], NULL, NULL, NULL)        = 1 (in [5])
>  wait4(13305, 0x7fff2584372c, WNOHANG, NULL) = 0
> read(5, "(#d8:seap.cmd#d3::id#d2#d6::clas"..., 16384) = 104

It's not clear where it's spending all the time. Are there visible waits
between those output lines, or is it a constant stream of millions and
that's what's taking all the time?

I don't think it's hanging in wait4() because they use WNOHANG so they
should return immediately (0 return value means 'no change'). Therefore,
the time is probably spent in select() calls...

Perhaps rerun it with  strace -r -f -p `pidof oscap` to see what those
subprocesses are doing, and where the time is spent.

_______________________________________________
Open-scap-list mailing list
Open-scap-list at redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list


-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------

More information about the Open-scap-list mailing list