SELINUX设为Disable 影响java SSH工具包Jsch 0.1.49.jar的一个案例

最近项目中遇到一个典型事件，当RHEL 的SELINUX设为DISABLE时

使用JAVA的Jsch 库调用SSH命令时将随机返回空字符串，我使用的版本是0.1.49，最新版本0.1.51未测试。

关于Jsch: http://www.jcraft.com/jsch/
为此，我特意写了一个程序测试：

package com.ibm.leo;

import com.ibm.gts.cms.common.guestssh.api.GuestSshServiceFactory;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshProperties;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshService;
import com.ibm.gts.cms.common.guestssh.api.IScriptResponse;

public class GuestSSH {
/**
* This code snippet will validate that the guestssh service remove execute will return null randomly  if the selinux was disabled.
* */
public static void main(String[] args) {
try{
int sshRC=-1;
if(args.length<3){
System.out.println("Usage: java -jar testssh.jar <Host IP> <command> <count>");
System.exit(1);
}

int count=Integer.parseInt(args[2]);
if(count==0) count=1;

int nullCount=0;
System.out.println("start test...");
// Run the command via SSH
IGuestSshService sshService = GuestSshServiceFactory.GetService();
IGuestSshProperties props = sshService.makeGuestSshProperties();
props.setConnectTimeout(60000);  //  60 seconds to establish connection with the guest
props.setCommandTimeout(60 * 60 * 1000); // 1 hour to wait for command to complete (after connection)
//props.setScriptInputStream(null); // stdin may be null, which is OK and means no stdin data
for(int i=1;i<=count;i++){
IScriptResponse response = sshService.invoke("root", args[0], 22, null, args[1], null, props);
sshRC = response.getReturnCode();
String[] stdoutLines = response.getStandardOutputLines();
if(stdoutLines[0].trim().equals("")) nullCount++;
System.out.println("Exceute count:"+i+"  returnCode: "+sshRC +" return Lines:"+stdoutLines.length);
for (String line : stdoutLines) {
System.out.println("Command return: "+line);
}
}
System.out.println("End test, the total execute count is "+count+", and  first line null return count is: " + nullCount);
}catch(Exception e){
System.out.println(e.getMessage());
}
}

}

测试结果如下：

D:\tmp>java -jar testssh.jar 192.168.1.244 hostname 5
start test...
Exceute count:1  returnCode: 0 return Lines:1
Command return: GMTDev
Exceute count:2  returnCode: 0 return Lines:1
Command return:
Exceute count:3  returnCode: 0 return Lines:1
Command return:
Exceute count:4  returnCode: 0 return Lines:1
Command return:
Exceute count:5  returnCode: 0 return Lines:1
Command return: GMTDev
End test, the total execute count is 5, and  first line null return count is: 3

从结果中可以看出，共取了5次主机名，只有两得到，3次虽然命令成功执行，但返回空值，这种情况只有当SELINUX=disabled时出现，而Enforcing和permissive返回值都正常。

或许是guestssh的一个BUG？ 记录一下备查。