[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654
Alejandro Taboada
alejandro.taboada at altipeak.com
Thu Nov 12 18:50:06 GMT 2020
Hi !
Just tested v1.1 and the issue persists. The problem is quiet local connection when using with corosync
Thanks,
Alejandro
> On 12 Nov 2020, at 14:21, Pallai Roland <pallair at magex.hu> wrote:
>
> Hi Markus,
>
> The problem is still the same here:
> Nov 12 18:14:46 srv1 lrmd[990]: warning: Rejecting IPC request 'lrmd_rsc_info' from unprivileged client crmd
> Nov 12 18:14:46 srv1 lrmd[990]: warning: Rejecting IPC request 'lrmd_rsc_register' from unprivileged client crmd
> Nov 12 18:14:46 srv1 crmd[993]: error: Could not add resource dummy_activenode to LRM nmsrv1
> Nov 12 18:14:46 srv1 crmd[993]: error: Invalid resource definition for dummy_activenode
>
> [root at srv1 root]# dpkg -l pacemaker
> ii pacemaker 1.1.16-1+deb9u1.1 amd64 cluster resource manager
>
> Downgrading to "pacemaker=1.1.16-1" fixed it again.
>
>
> On 2020. november 12., csütörtök 17:51:28 CET, Markus Koschany wrote:
>> Thanks for reporting. This is a permission problem. I assume your clients are
>> local and not remote and you don't use the tls_backend. I have prepared another
>> update that should grant the local hacluser clients the necessary privileges.
>> You can download the source and binary files from
>>
>> https://people.debian.org/~apo/lts/pacemaker/
>>
>> Please report back if this fixes the problem. If not, please send me your log
>> file via private email after you have set the logfile_priority to debug in
>> corosync.conf.
>
More information about the Debian-ha-maintainers
mailing list