← Back to team overview

kernel-packages team mailing list archive

Re: [Bug 1269053] Re: IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel 3.5.0-45.68

 

I had to revert to Ubuntu server 13.04 that did not have the bug in order 
to keep my business running on IBM Domino. Will this kernel fix work on 
13.04? If not, I will not be able to test the fix.

73 & Cheers,
Ken Behrens
IBM Certified Advanced Application Developer Lotus Notes & Domino 7
MicroBlue Software, LLC 
KB0YLN
E-mail: khbehrens@xxxxxxxxxxxxxxxxxxxxx
Web site:  http://www.MicroBlueSoftware.com


From:   Brad Figg <brad.figg@xxxxxxxxxxxxx>
To:     khbehrens@xxxxxxxxxxxxxxxxxxxxx
Date:   02/06/2014 11:50 AM
Subject:        [Bug 1269053] Re: IBM Domino 'bindsock' cannot bind to 
ports <1024 since recent kernel 3.5.0-45.68
Sent by:        bounces@xxxxxxxxxxxxx


This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
saucy' to 'verification-done-saucy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-saucy

-- 
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1269053

Title:
  IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
  3.5.0-45.68

Status in ?linux? package in Ubuntu:
  Fix Released
Status in ?linux-lts-quantal? package in Ubuntu:
  Invalid
Status in ?linux-lts-raring? package in Ubuntu:
  Invalid
Status in ?linux-lts-saucy? package in Ubuntu:
  Invalid
Status in ?linux? source package in Precise:
  Fix Committed
Status in ?linux-lts-quantal? source package in Precise:
  Confirmed
Status in ?linux-lts-raring? source package in Precise:
  Fix Committed
Status in ?linux-lts-saucy? source package in Precise:
  Fix Committed
Status in ?linux? source package in Quantal:
  Fix Committed
Status in ?linux-lts-quantal? source package in Quantal:
  Invalid
Status in ?linux-lts-raring? source package in Quantal:
  Invalid
Status in ?linux-lts-saucy? source package in Quantal:
  Invalid
Status in ?linux? source package in Saucy:
  Fix Committed
Status in ?linux-lts-quantal? source package in Saucy:
  Invalid
Status in ?linux-lts-raring? source package in Saucy:
  Invalid
Status in ?linux-lts-saucy? source package in Saucy:
  Invalid
Status in ?linux? source package in Trusty:
  Fix Released
Status in ?linux-lts-quantal? source package in Trusty:
  Invalid
Status in ?linux-lts-raring? source package in Trusty:
  Invalid
Status in ?linux-lts-saucy? source package in Trusty:
  Invalid

Bug description:
  Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel,
  has prevented IBM Domino's
  "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root
  (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3,
  and HTTP processes. The IBM Domino Application Server's parent process
  "/opt/ibm/domino/notes/latest/linux/server" runs as a Service Account
  or a normal non-admin user, that launches "bindsock"and others like
  "http", "ldap"....

  In the Live Domino Console we're seeing the Application Server report:
    "Listener failure: 'bindsock' is missing, not executable, not owned by 
root, not setuid root or user needs net_privaddr privilege."

  Another thing in the Live Domino Console, which is unusual is:
    "Error_CmdToDo_INVAL"... might be an IBM thang.

  A number of us have to hold back the kernel now and there's lots of 
scratching going on.
    
http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3


  It does seem to be limited to IBM Domino's "bindsock" binary and other
  things are just fine, such as Nginx.

  I have attached some files within the zip 
"ibm-domino-bindsock_strace.zip"
  >>bindsock_binary_strace.txt
  This is just running strace against the binary that isn't running in any 
process.

  >> domino-server-pid1052_strace-f.txt
  The IBM Domino Application Server 
("/opt/ibm/domino/notes/latest/linux/server") is running as PID 1052 so 
this is what I applied "strace -f" to and towards the end, I told "server" 
to start the "http" process ("l http") which would then try launch 
"bindsock" (I hope).

  Hopeully this first attempt at strace provides some good info for you
  kind folks :-)

  Many thanks
  MR

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.5.0-45-generic 3.5.0-45.68~precise1
  ProcVersionSignature: Ubuntu 3.5.0-45.68~precise1-generic 3.5.7.26
  Uname: Linux 3.5.0-45-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.0.1-0ubuntu17.6
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: [Errno 2] No such file or directory
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  Date: Tue Jan 14 15:33:47 2014
  HibernationDevice: RESUME=UUID=474adefd-59c4-4582-8d03-3c570137809d
  InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - 
Release amd64 (20130214)
  IwConfig: Error: [Errno 2] No such file or directory
  Lsusb:
   Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: innotek GmbH VirtualBox
  MarkForUpload: True
  ProcEnviron:
   SHELL=/bin/bash
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LANGUAGE=en_GB:en
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-45-generic 
root=UUID=a2842a37-9023-4e21-8460-a565465b7f67 ro
  RelatedPackageVersions:
   linux-restricted-modules-3.5.0-45-generic N/A
   linux-backports-modules-3.5.0-45-generic  N/A
   linux-firmware                            1.79.9
  RfKill: Error: [Errno 2] No such file or directory
  SourcePackage: linux-lts-quantal
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/01/2006
  dmi.bios.vendor: innotek GmbH
  dmi.bios.version: VirtualBox
  dmi.board.name: VirtualBox
  dmi.board.vendor: Oracle Corporation
  dmi.board.version: 1.2
  dmi.chassis.type: 1
  dmi.chassis.vendor: Oracle Corporation
  dmi.modalias: 
dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
  dmi.product.name: VirtualBox
  dmi.product.version: 1.2
  dmi.sys.vendor: innotek GmbH

  break-fix: 1661bf364ae9c506bc8795fef70d1532931be1e8
  db31c55a6fb245fdbb752a2ca4aefec89afabb06

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1269053/+subscriptions

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1269053

Title:
  IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
  3.5.0-45.68

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-armadaxp” source package in Precise:
  Fix Committed
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-lts-quantal” source package in Precise:
  Confirmed
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux-armadaxp” source package in Quantal:
  Confirmed
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Confirmed
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Confirmed
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid

Bug description:
  Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel,
  has prevented IBM Domino's
  "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root
  (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3,
  and HTTP processes. The IBM Domino Application Server's parent process
  "/opt/ibm/domino/notes/latest/linux/server" runs as a Service Account
  or a normal non-admin user, that launches "bindsock"and others like
  "http", "ldap"....

  In the Live Domino Console we're seeing the Application Server report:
    "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."

  Another thing in the Live Domino Console, which is unusual is:
    "Error_CmdToDo_INVAL"... might be an IBM thang.

  A number of us have to hold back the kernel now and there's lots of scratching going on.
    http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3

  It does seem to be limited to IBM Domino's "bindsock" binary and other
  things are just fine, such as Nginx.

  I have attached some files within the zip "ibm-domino-bindsock_strace.zip"
  >>bindsock_binary_strace.txt
  This is just running strace against the binary that isn't running in any process.

  >> domino-server-pid1052_strace-f.txt
  The IBM Domino Application Server ("/opt/ibm/domino/notes/latest/linux/server") is running as PID 1052 so this is what I applied "strace -f" to and towards the end, I told "server" to start the "http" process ("l http") which would then try launch "bindsock" (I hope).

  Hopeully this first attempt at strace provides some good info for you
  kind folks :-)

  Many thanks
  MR

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.5.0-45-generic 3.5.0-45.68~precise1
  ProcVersionSignature: Ubuntu 3.5.0-45.68~precise1-generic 3.5.7.26
  Uname: Linux 3.5.0-45-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.0.1-0ubuntu17.6
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: [Errno 2] No such file or directory
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  Date: Tue Jan 14 15:33:47 2014
  HibernationDevice: RESUME=UUID=474adefd-59c4-4582-8d03-3c570137809d
  InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
  IwConfig: Error: [Errno 2] No such file or directory
  Lsusb:
   Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: innotek GmbH VirtualBox
  MarkForUpload: True
  ProcEnviron:
   SHELL=/bin/bash
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LANGUAGE=en_GB:en
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-45-generic root=UUID=a2842a37-9023-4e21-8460-a565465b7f67 ro
  RelatedPackageVersions:
   linux-restricted-modules-3.5.0-45-generic N/A
   linux-backports-modules-3.5.0-45-generic  N/A
   linux-firmware                            1.79.9
  RfKill: Error: [Errno 2] No such file or directory
  SourcePackage: linux-lts-quantal
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/01/2006
  dmi.bios.vendor: innotek GmbH
  dmi.bios.version: VirtualBox
  dmi.board.name: VirtualBox
  dmi.board.vendor: Oracle Corporation
  dmi.board.version: 1.2
  dmi.chassis.type: 1
  dmi.chassis.vendor: Oracle Corporation
  dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
  dmi.product.name: VirtualBox
  dmi.product.version: 1.2
  dmi.sys.vendor: innotek GmbH

  break-fix: 1661bf364ae9c506bc8795fef70d1532931be1e8
  db31c55a6fb245fdbb752a2ca4aefec89afabb06

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1269053/+subscriptions


References