search

nasa / meza

Setup an enterprise MediaWiki server with simple commands
MIT License
18 stars 10 forks source link

shtool at '/var/tmp/memcached/build/shtool' does not exist or is not executable #33

Open cowen23 opened 1 year ago

cowen23 commented 1 year ago

Environment

VMware Red Hat Enterprise Linux release 8.8 (Ootpa) d103da8

Issue details

During "meza monolith deploy", TASK [apache-php : Install memcached PECL packages] fails:

fatal: [localhost]: FAILED! => { "changed": true, "cmd": "pecl install --configureoptions 'with-libmemcached-dir=\"no\" with-zlib-dir=\"no\" with-syste m-fastlz=\"no\" enable-memcached-igbinary=\"no\" enable-memcached-msgpack=\"no\" enable-memcached-json=\"no\" e nable-memcached-protocol=\"no\" enable-memcached-sasl=\"yes\" enable-memcached-session=\"yes\"' memcached\n",

"delta": "0:00:01.199410",
"end": "2023-03-20 15:59:39.181133",
"rc": 1,
"start": "2023-03-20 15:59:37.981723"

}

STDOUT:-(22%)

pecl/memcached can optionally use PHP extension "igbinary" (version >= 2.0) pecl/memcached can optionally use PHP extension "msgpack" (version >= 2.0) downloading memcached-3.2.0.tgz ... Starting to download memcached-3.2.0.tgz (90,722 bytes) .....................done: 90,722 bytes 18 source files, building running: phpize Configuring for: PHP Api Version: 20190902 Zend Module Api No: 20190902 Zend Extension Api No: 320190902 shtool at '/var/tmp/memcached/build/shtool' does not exist or is not executable. Make sure that the file exists and is executable and then rerun this script.

ERROR: `phpize' failed

MSG:re--(22%)

non-zero return code ...ignoring%)

This occurs because NASA-SPEC-2601OS.RHEL8 (RED HAT ENTERPRISE LINUX 8 SECURITY CONFIGURATION SPECIFICATION) has the control "NASA-ASCS-20238: Add noexec Option to /var/tmp".

The mount command can be used to determine if there is a noexec option on the file system:

mount | grep \/var\/tmp

/dev/sdb6 on /var/tmp type ext4 (rw,nosuid,nodev,noexec,relatime,seclabel)

If noexec is in the list of options, then the /var/tmp file system has to be remounted with the "exec" option for the task to be completed without error: mount -o remount,exec /var/tmp

At the end of the task, /var/tmp should be changed back to noexec to remain compliant with NASA-SPEC-2601OS.RHEL8: mount -o remount,noexec /var/tmp

NASA-SPEC-2601OS.RHEL8_v1.7.pdf

revansx commented 1 year ago

great catch. I will endeavor to add this to meza soon.

In the mean time. the work-around has been added to the CMTE at https://www.mediawiki.org/wiki/Meza/Common_Meza_Test_Environment_(CMTE)