← Back to team overview

kernel-packages team mailing list archive

[Bug 1269053] Re: IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel 3.5.0-45.68

 

** Description changed:

  Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel, has
  prevented IBM Domino's "/opt/ibm/domino/notes/latest/linux/bindsock"
  binary that runs as root (setuid) to get ports lower than 1024 for it's
  LDAP, SMTP, IMAP, POP3, and HTTP processes. The IBM Domino Application
  Server's parent process "/opt/ibm/domino/notes/latest/linux/server" runs
  as a Service Account or a normal non-admin user, that launches
  "bindsock"and others like "http", "ldap"....
  
  In the Live Domino Console we're seeing the Application Server report:
-   "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."
+   "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."
  
  Another thing in the Live Domino Console, which is unusual is:
-   "Error_CmdToDo_INVAL"... might be an IBM thang.
+   "Error_CmdToDo_INVAL"... might be an IBM thang.
  
  A number of us have to hold back the kernel now and there's lots of scratching going on.
-   http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3 
+   http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3
  
  It does seem to be limited to IBM Domino's "bindsock" binary and other
  things are just fine, such as Nginx.
  
  I have attached some files within the zip "ibm-domino-bindsock_strace.zip"
  >>bindsock_binary_strace.txt
  This is just running strace against the binary that isn't running in any process.
  
  >> domino-server-pid1052_strace-f.txt
  The IBM Domino Application Server ("/opt/ibm/domino/notes/latest/linux/server") is running as PID 1052 so this is what I applied "strace -f" to and towards the end, I told "server" to start the "http" process ("l http") which would then try launch "bindsock" (I hope).
  
  Hopeully this first attempt at strace provides some good info for you
  kind folks :-)
  
  Many thanks
  MR
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.5.0-45-generic 3.5.0-45.68~precise1
  ProcVersionSignature: Ubuntu 3.5.0-45.68~precise1-generic 3.5.7.26
  Uname: Linux 3.5.0-45-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.0.1-0ubuntu17.6
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: [Errno 2] No such file or directory
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  Date: Tue Jan 14 15:33:47 2014
  HibernationDevice: RESUME=UUID=474adefd-59c4-4582-8d03-3c570137809d
  InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
  IwConfig: Error: [Errno 2] No such file or directory
  Lsusb:
-  Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
-  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
-  Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
+  Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
+  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
+  Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: innotek GmbH VirtualBox
  MarkForUpload: True
  ProcEnviron:
-  SHELL=/bin/bash
-  TERM=xterm
-  PATH=(custom, no user)
-  LANG=en_GB.UTF-8
-  LANGUAGE=en_GB:en
+  SHELL=/bin/bash
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_GB.UTF-8
+  LANGUAGE=en_GB:en
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-45-generic root=UUID=a2842a37-9023-4e21-8460-a565465b7f67 ro
  RelatedPackageVersions:
-  linux-restricted-modules-3.5.0-45-generic N/A
-  linux-backports-modules-3.5.0-45-generic  N/A
-  linux-firmware                            1.79.9
+  linux-restricted-modules-3.5.0-45-generic N/A
+  linux-backports-modules-3.5.0-45-generic  N/A
+  linux-firmware                            1.79.9
  RfKill: Error: [Errno 2] No such file or directory
  SourcePackage: linux-lts-quantal
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/01/2006
  dmi.bios.vendor: innotek GmbH
  dmi.bios.version: VirtualBox
  dmi.board.name: VirtualBox
  dmi.board.vendor: Oracle Corporation
  dmi.board.version: 1.2
  dmi.chassis.type: 1
  dmi.chassis.vendor: Oracle Corporation
  dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
  dmi.product.name: VirtualBox
  dmi.product.version: 1.2
  dmi.sys.vendor: innotek GmbH
+ 
+ 
+ break-fix: - db31c55a6fb245fdbb752a2ca4aefec89afabb06

** Tags added: linux-break-fix

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1269053

Title:
  IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
  3.5.0-45.68

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-lts-quantal” source package in Precise:
  Fix Committed
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid

Bug description:
  Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel,
  has prevented IBM Domino's
  "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root
  (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3,
  and HTTP processes. The IBM Domino Application Server's parent process
  "/opt/ibm/domino/notes/latest/linux/server" runs as a Service Account
  or a normal non-admin user, that launches "bindsock"and others like
  "http", "ldap"....

  In the Live Domino Console we're seeing the Application Server report:
    "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."

  Another thing in the Live Domino Console, which is unusual is:
    "Error_CmdToDo_INVAL"... might be an IBM thang.

  A number of us have to hold back the kernel now and there's lots of scratching going on.
    http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3

  It does seem to be limited to IBM Domino's "bindsock" binary and other
  things are just fine, such as Nginx.

  I have attached some files within the zip "ibm-domino-bindsock_strace.zip"
  >>bindsock_binary_strace.txt
  This is just running strace against the binary that isn't running in any process.

  >> domino-server-pid1052_strace-f.txt
  The IBM Domino Application Server ("/opt/ibm/domino/notes/latest/linux/server") is running as PID 1052 so this is what I applied "strace -f" to and towards the end, I told "server" to start the "http" process ("l http") which would then try launch "bindsock" (I hope).

  Hopeully this first attempt at strace provides some good info for you
  kind folks :-)

  Many thanks
  MR

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.5.0-45-generic 3.5.0-45.68~precise1
  ProcVersionSignature: Ubuntu 3.5.0-45.68~precise1-generic 3.5.7.26
  Uname: Linux 3.5.0-45-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.0.1-0ubuntu17.6
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: [Errno 2] No such file or directory
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  Date: Tue Jan 14 15:33:47 2014
  HibernationDevice: RESUME=UUID=474adefd-59c4-4582-8d03-3c570137809d
  InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
  IwConfig: Error: [Errno 2] No such file or directory
  Lsusb:
   Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: innotek GmbH VirtualBox
  MarkForUpload: True
  ProcEnviron:
   SHELL=/bin/bash
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LANGUAGE=en_GB:en
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-45-generic root=UUID=a2842a37-9023-4e21-8460-a565465b7f67 ro
  RelatedPackageVersions:
   linux-restricted-modules-3.5.0-45-generic N/A
   linux-backports-modules-3.5.0-45-generic  N/A
   linux-firmware                            1.79.9
  RfKill: Error: [Errno 2] No such file or directory
  SourcePackage: linux-lts-quantal
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/01/2006
  dmi.bios.vendor: innotek GmbH
  dmi.bios.version: VirtualBox
  dmi.board.name: VirtualBox
  dmi.board.vendor: Oracle Corporation
  dmi.board.version: 1.2
  dmi.chassis.type: 1
  dmi.chassis.vendor: Oracle Corporation
  dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
  dmi.product.name: VirtualBox
  dmi.product.version: 1.2
  dmi.sys.vendor: innotek GmbH

  
  break-fix: - db31c55a6fb245fdbb752a2ca4aefec89afabb06

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1269053/+subscriptions