Bug 1331675

Summary: setroubleshootd gets stuck when execmod AVC appears
Product: Red Hat Enterprise Linux 6 Reporter: Milos Malik <mmalik>
Component: setroubleshoot-pluginsAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.7CC: dapospis, lvrabec, mgrepl, mmalik, plautrba, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-24 10:44:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Milos Malik 2016-04-29 08:46:47 UTC 
Description of problem:
* content of the pokus.c file is:
int a;
int main (void)
{
  return a;
}
* I was not able to generate { execmod } AVC on x86_64 and ppc64 machines even if used the same source file and the same RHEL version
* the problem is reproducible by a common user as well (except for the setsebool and ausearch commands)
* the { execmod } AVC is logged via audit daemon, but an analyzed version of the AVC does not show up in the /var/lib/setroubleshoot/setroubleshoot_database.xml file

Version-Release number of selected component (if applicable):
audit-2.3.7-5.el6.i686
audit-libs-2.3.7-5.el6.i686
audit-libs-python-2.3.7-5.el6.i686
setroubleshoot-plugins-3.0.40-2.el6.noarch
setroubleshoot-server-3.0.47-9.1.el6.i686

How reproducible:
always

Steps to Reproduce:
# setsebool allow_execheap off
# setsebool allow_execmem off
# setsebool allow_execmod off
# setsebool allow_execstack off
# gcc -o pokus -g -pie pokus.c
# ./pokus 
./pokus: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
# echo $?
127
# ausearch -m avc -m user_avc -m selinux_err -i
----
type=SYSCALL msg=audit(04/29/2016 10:31:52.901:99) : arch=i386 syscall=mprotect success=no exit=-13(Permission denied) a0=0x688000 a1=0x1000 a2=PROT_READ|PROT_EXEC a3=0xbf96e4b0 items=0 ppid=7542 pid=7844 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=2 comm=pokus exe=/root/pokus subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) 
type=AVC msg=audit(04/29/2016 10:31:52.901:99) : avc:  denied  { execmod } for  pid=7844 comm=pokus path=/root/pokus dev=dm-0 ino=655372 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file 
----

Actual results:
 7681 ?        S<sl   0:00 auditd
 7683 ?        S<sl   0:00 /sbin/audispd
 7685 ?        S<     0:00 /usr/sbin/sedispatch
 7769 ?        Ss     0:00 sshd: root@pts/1 
 7774 pts/1    Ss+    0:00 -bash
 7846 ?        Sl     0:04 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
22843 pts/0    R+     0:00 ps ax

Expected results:
* setroubleshootd is not stuck
Comment 3 Petr Lautrbach 2016-10-18 16:05:30 UTC 
The described scenario works for me. Can you please clarify what does mean "setroubleshoot is stuck?".
Comment 4 Milos Malik 2016-10-18 18:17:39 UTC 
I observed following behavior on my VMs: the setroubleshoot daemon stays running, but it does not process any AVCs until somebody kills it.
Comment 5 Milos Malik 2016-10-18 18:48:40 UTC 
Reproduced on a clean 1MT x86_64 machine RHEL-6.8:

# rpm -qa setroubleshoot\*
setroubleshoot-server-3.0.47-11.el6.x86_64
setroubleshoot-plugins-3.0.40-2.el6.noarch
# ps -efZ | grep setr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1791 1621  0 14:26 pts/0 00:00:00 grep setr
# setsebool allow_execheap off
# setsebool allow_execmem off
# setsebool allow_execmod off
# setsebool allow_execstack off
# gcc -o pokus -g -pie -m32 pokus.c
# ./pokus
./pokus: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
# ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1803 1 32 14:27 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1806 1621  0 14:27 pts/0 00:00:00 grep setr
# date
Tue Oct 18 14:27:45 EDT 2016
# ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1803 1  1 14:27 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1819 1621  0 14:30 pts/0 00:00:00 grep setr
# date
Tue Oct 18 14:30:04 EDT 2016
# ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1803 1  1 14:27 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1822 1621  0 14:32 pts/0 00:00:00 grep setr
# date
Tue Oct 18 14:32:06 EDT 2016
# ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1803 1  0 14:27 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1825 1621  0 14:34 pts/0 00:00:00 grep setr
# date
Tue Oct 18 14:34:56 EDT 2016
#

# strace -p 1803
Process 1803 attached
restart_syscall(<... resuming interrupted call ...>
Comment 6 Milos Malik 2016-10-18 19:08:15 UTC 
# gdb -p 1803
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-90.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 1803
Reading symbols from /usr/bin/python...Reading symbols from /usr/lib/debug/usr/bin/python.debug...done.
done.
Reading symbols from /usr/lib64/libpython2.6.so.1.0...Reading symbols from /usr/lib/debug/usr/lib64/libpython2.6.so.1.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpython2.6.so.1.0
Reading symbols from /lib64/libpthread.so.0...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[New LWP 1804]
[Thread debugging using libthread_db enabled]
done.
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libutil.so.1...Reading symbols from /usr/lib/debug/lib64/libutil-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /lib64/libm.so.6...Reading symbols from /usr/lib/debug/lib64/libm-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libc.so.6...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /usr/lib64/python2.6/site-packages/setroubleshoot/default_encoding_utf8.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/setroubleshoot/default_encoding_utf8.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/setroubleshoot/default_encoding_utf8.so
Reading symbols from /usr/lib64/python2.6/site-packages/selinux/_selinux.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/selinux/_selinux.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/selinux/_selinux.so
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /usr/lib64/python2.6/lib-dynload/syslog.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/syslog.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/syslog.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_collectionsmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/operator.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/operator.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/operator.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/itertoolsmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/itertoolsmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/itertoolsmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/timemodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/timemodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/timemodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/stropmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/stropmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/stropmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/cStringIO.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/cStringIO.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/cStringIO.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_functoolsmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_functoolsmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_functoolsmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_socketmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_socketmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_socketmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_ssl.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_ssl.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_ssl.so
Reading symbols from /usr/lib64/libssl.so.10...Reading symbols from /usr/lib/debug/usr/lib64/libssl.so.1.0.1e.debug...done.
done.
Loaded symbols for /usr/lib64/libssl.so.10
Reading symbols from /usr/lib64/libcrypto.so.10...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.1e.debug...done.
done.
Loaded symbols for /usr/lib64/libcrypto.so.10
Reading symbols from /lib64/libgssapi_krb5.so.2...Reading symbols from /usr/lib/debug/lib64/libgssapi_krb5.so.2.2.debug...done.
done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /lib64/libkrb5.so.3...Reading symbols from /usr/lib/debug/lib64/libkrb5.so.3.3.debug...done.
done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /lib64/libk5crypto.so.3...Reading symbols from /usr/lib/debug/lib64/libk5crypto.so.3.1.debug...done.
done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libresolv.so.2...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libz.so.1...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libkrb5support.so.0...Reading symbols from /usr/lib/debug/lib64/libkrb5support.so.0.1.debug...done.
done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /usr/lib64/python2.6/lib-dynload/cPickle.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/cPickle.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/cPickle.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_struct.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_struct.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_struct.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_localemodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_localemodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_localemodule.so
Reading symbols from /usr/lib64/python2.6/site-packages/_dbus_bindings.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/_dbus_bindings.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/_dbus_bindings.so
Reading symbols from /lib64/libdbus-1.so.3...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3
Reading symbols from /lib64/librt.so.1...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /usr/lib64/python2.6/lib-dynload/_weakref.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_weakref.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_weakref.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/pyexpat.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/pyexpat.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/pyexpat.so
Reading symbols from /lib64/libexpat.so.1...Reading symbols from /usr/lib/debug/lib64/libexpat.so.1.5.2.debug...done.
done.
Loaded symbols for /lib64/libexpat.so.1
Reading symbols from /usr/lib64/python2.6/site-packages/gtk-2.0/glib/_glib.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/gtk-2.0/glib/_glib.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/gtk-2.0/glib/_glib.so
Reading symbols from /usr/lib64/libpyglib-2.0-python.so.0...Reading symbols from /usr/lib/debug/usr/lib64/libpyglib-2.0-python.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpyglib-2.0-python.so.0
Reading symbols from /lib64/libgobject-2.0.so.0...Reading symbols from /usr/lib/debug/lib64/libgobject-2.0.so.0.2800.8.debug...done.
done.
Loaded symbols for /lib64/libgobject-2.0.so.0
Reading symbols from /lib64/libgthread-2.0.so.0...Reading symbols from /usr/lib/debug/lib64/libgthread-2.0.so.0.2800.8.debug...done.
done.
Loaded symbols for /lib64/libgthread-2.0.so.0
Reading symbols from /lib64/libglib-2.0.so.0...Reading symbols from /usr/lib/debug/lib64/libglib-2.0.so.0.2800.8.debug...done.
done.
Loaded symbols for /lib64/libglib-2.0.so.0
Reading symbols from /usr/lib64/python2.6/site-packages/gtk-2.0/gobject/_gobject.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/gtk-2.0/gobject/_gobject.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/gtk-2.0/gobject/_gobject.so
Reading symbols from /usr/lib64/python2.6/site-packages/_dbus_glib_bindings.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/_dbus_glib_bindings.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/_dbus_glib_bindings.so
Reading symbols from /usr/lib64/libdbus-glib-1.so.2...Reading symbols from /usr/lib/debug/usr/lib64/libdbus-glib-1.so.2.1.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdbus-glib-1.so.2
Reading symbols from /usr/lib64/python2.6/site-packages/_audit.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/_audit.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/_audit.so
Reading symbols from /lib64/libaudit.so.1...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1
Reading symbols from /usr/lib64/python2.6/lib-dynload/selectmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/selectmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/selectmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/fcntlmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/fcntlmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/fcntlmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/datetime.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/datetime.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/datetime.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/binascii.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/binascii.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/binascii.so
Reading symbols from /usr/lib64/python2.6/site-packages/selinux/audit2why.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/selinux/audit2why.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/selinux/audit2why.so
Reading symbols from /usr/lib64/python2.6/site-packages/libxml2mod.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/libxml2mod.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/libxml2mod.so
Reading symbols from /usr/lib64/libxml2.so.2...Reading symbols from /usr/lib/debug/usr/lib64/libxml2.so.2.7.6.debug...done.
done.
Loaded symbols for /usr/lib64/libxml2.so.2
Reading symbols from /usr/lib64/python2.6/site-packages/setroubleshoot/sesearch/_sesearch.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/setroubleshoot/sesearch/_sesearch.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/setroubleshoot/sesearch/_sesearch.so
Reading symbols from /usr/lib64/libapol.so.4...Reading symbols from /usr/lib/debug/usr/lib64/libapol.so.4.3.debug...done.
done.
Loaded symbols for /usr/lib64/libapol.so.4
Reading symbols from /usr/lib64/libqpol.so.1...Reading symbols from /usr/lib/debug/usr/lib64/libqpol.so.1.6.debug...done.
done.
Loaded symbols for /usr/lib64/libqpol.so.1
Reading symbols from /lib64/libsepol.so.1...Reading symbols from /usr/lib/debug/lib64/libsepol.so.1.debug...done.
done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libbz2.so.1...Reading symbols from /usr/lib/debug/lib64/libbz2.so.1.0.4.debug...done.
done.
Loaded symbols for /lib64/libbz2.so.1
Reading symbols from /usr/lib64/python2.6/site-packages/rpm/_rpmmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/rpm/_rpmmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/rpm/_rpmmodule.so
Reading symbols from /usr/lib64/librpm.so.1...Reading symbols from /usr/lib/debug/usr/lib64/librpm.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/librpm.so.1
Reading symbols from /lib64/libcap.so.2...Reading symbols from /usr/lib/debug/lib64/libcap.so.2.16.debug...done.
done.
Loaded symbols for /lib64/libcap.so.2
Reading symbols from /lib64/libacl.so.1...Reading symbols from /usr/lib/debug/lib64/libacl.so.1.1.0.debug...done.
done.
Loaded symbols for /lib64/libacl.so.1
Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done.
done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /usr/lib64/librpmio.so.1...Reading symbols from /usr/lib/debug/usr/lib64/librpmio.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/librpmio.so.1
Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libelf.so.1...Reading symbols from /usr/lib/debug/usr/lib64/libelf-0.164.so.debug...done.
done.
Loaded symbols for /usr/lib64/libelf.so.1
Reading symbols from /lib64/libpopt.so.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0
Reading symbols from /usr/lib64/liblzma.so.0...Reading symbols from /usr/lib/debug/usr/lib64/liblzma.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/liblzma.so.0
Reading symbols from /usr/lib64/liblua-5.1.so...Reading symbols from /usr/lib/debug/usr/lib64/liblua-5.1.so.debug...done.
done.
Loaded symbols for /usr/lib64/liblua-5.1.so
Reading symbols from /lib64/libattr.so.1...Reading symbols from /usr/lib/debug/lib64/libattr.so.1.1.0.debug...done.
done.
Loaded symbols for /lib64/libattr.so.1
Reading symbols from /lib64/libgcc_s.so.1...Reading symbols from /usr/lib/debug/lib64/libgcc_s-4.4.7-20120601.so.1.debug...done.
done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /usr/lib64/libsoftokn3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsoftokn3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsoftokn3.so
Reading symbols from /usr/lib64/libsqlite3.so.0...Reading symbols from /usr/lib/debug/usr/lib64/libsqlite3.so.0.8.6.debug...done.
done.
Loaded symbols for /usr/lib64/libsqlite3.so.0
Reading symbols from /usr/lib64/libfreeblpriv3.so...Reading symbols from /usr/lib/debug/lib64/libfreeblpriv3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libfreeblpriv3.so
Reading symbols from /usr/lib64/python2.6/site-packages/rpm/_rpmbmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/rpm/_rpmbmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/rpm/_rpmbmodule.so
Reading symbols from /usr/lib64/librpmbuild.so.1...Reading symbols from /usr/lib/debug/usr/lib64/librpmbuild.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/librpmbuild.so.1
Reading symbols from /usr/lib64/libmagic.so.1...Reading symbols from /usr/lib/debug/usr/lib64/libmagic.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libmagic.so.1
Reading symbols from /usr/lib64/python2.6/lib-dynload/_hashlib.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_hashlib.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_hashlib.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/grpmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/grpmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/grpmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_bisectmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_bisectmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_bisectmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_heapq.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_heapq.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_heapq.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/mathmodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/mathmodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/mathmodule.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/_randommodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/_randommodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/_randommodule.so
Reading symbols from /usr/lib64/python2.6/site-packages/_semanage.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/_semanage.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/_semanage.so
Reading symbols from /lib64/libsemanage.so.1...Reading symbols from /usr/lib/debug/lib64/libsemanage.so.1.debug...done.
done.
Loaded symbols for /lib64/libsemanage.so.1
Reading symbols from /usr/lib64/libustr-1.0.so.1...Reading symbols from /usr/lib/debug/usr/lib64/libustr-1.0.so.1.0.4.debug...done.
done.
Loaded symbols for /usr/lib64/libustr-1.0.so.1
Reading symbols from /usr/lib64/python2.6/site-packages/setools/_sesearch.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/setools/_sesearch.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/setools/_sesearch.so
Reading symbols from /usr/lib64/python2.6/site-packages/setools/_seinfo.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/site-packages/setools/_seinfo.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/site-packages/setools/_seinfo.so
Reading symbols from /usr/lib64/python2.6/lib-dynload/arraymodule.so...Reading symbols from /usr/lib/debug/usr/lib64/python2.6/lib-dynload/arraymodule.so.debug...done.
done.
Loaded symbols for /usr/lib64/python2.6/lib-dynload/arraymodule.so
0x00007fe6e9535283 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
87	  int result = INLINE_SYSCALL (poll, 3, CHECK_N (fds, nfds), nfds, timeout);
(gdb) bt
#0  0x00007fe6e9535283 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007fe6e3fef9f9 in g_main_context_poll (context=0x1728210, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:3405
#2  g_main_context_iterate (context=0x1728210, block=1, dispatch=1, 
    self=<value optimized out>) at gmain.c:3087
#3  0x00007fe6e3ff01a5 in g_main_loop_run (loop=0x4edf370) at gmain.c:3300
#4  0x00007fe6e491f791 in _wrap_g_main_loop_run (self=0x7fe6ea5cae10)
    at pygmainloop.c:320
#5  0x00007fe6ea167906 in call_function (f=<value optimized out>, 
    throwflag=<value optimized out>) at Python/ceval.c:3778
#6  PyEval_EvalFrameEx (f=<value optimized out>, 
    throwflag=<value optimized out>) at Python/ceval.c:2453
#7  0x00007fe6ea168b7f in fast_function (f=<value optimized out>, 
    throwflag=<value optimized out>) at Python/ceval.c:3880
#8  call_function (f=<value optimized out>, throwflag=<value optimized out>)
    at Python/ceval.c:3815
#9  PyEval_EvalFrameEx (f=<value optimized out>, 
    throwflag=<value optimized out>) at Python/ceval.c:2453
#10 0x00007fe6ea169647 in PyEval_EvalCodeEx (co=0x7fe6ea56e558, 
    globals=<value optimized out>, locals=<value optimized out>, 
    args=<value optimized out>, argcount=0, kws=0x0, kwcount=0, defs=0x0, 
    defcount=0, closure=0x0) at Python/ceval.c:3044
#11 0x00007fe6ea169722 in PyEval_EvalCode (co=<value optimized out>, 
    globals=<value optimized out>, locals=<value optimized out>)
    at Python/ceval.c:545
#12 0x00007fe6ea183b9c in run_mod (mod=<value optimized out>, 
    filename=<value optimized out>, globals=
    {'fork': False, 'set_category_level': <function at remote 0x7fe6e819ea28>, 'log_dbus': <Logger(name='dbus', parent=<RootLogger(name='root', parent=None, handlers=[<SysLogHandler(socket=<_socketobject at remote 0x7fe6ea4ae520>, facility=1, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562138>, _RLock__count=0) at remote 0x7fe6e81bf310>, level=40, unixsocket=1, filters=[], address='/dev/log', formatter=<Formatter(datefmt=None, _fmt='setroubleshoot: [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6e81bcf80>) at remote 0x7fe6e81bcd88>, <FileHandler(stream=<file at remote 0x7fe6e81ab270>, level=0, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562168>, _RLock__count=0) at remote 0x7fe6e81bf3d0>, encoding=None, baseFilename='/var/log/setroubleshoot/setroubleshootd.log', mode='w', filters=[], formatter=<Formatter(datefmt=None, _fmt='%(asctime)s [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6...(truncated), locals=
    {'fork': False, 'set_category_level': <function at remote 0x7fe6e819ea28>, 'log_dbus': <Logger(name='dbus', parent=<RootLogger(name='root', parent=None, handlers=[<SysLogHandler(socket=<_socketobject at remote 0x7fe6ea4ae520>, facility=1, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562138>, _RLock__count=0) at remote 0x7fe6e81bf310>, level=40, unixsocket=1, filters=[], address='/dev/log', formatter=<Formatter(datefmt=None, _fmt='setroubleshoot: [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6e81bcf80>) at remote 0x7fe6e81bcd88>, <FileHandler(stream=<file at remote 0x7fe6e81ab270>, level=0, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562168>, _RLock__count=0) at remote 0x7fe6e81bf3d0>, encoding=None, baseFilename='/var/log/setroubleshoot/setroubleshootd.log', mode='w', filters=[], formatter=<Formatter(datefmt=None, _fmt='%(asctime)s [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6...(truncated), flags=<value optimized out>, arena=<value optimized out>)
    at Python/pythonrun.c:1358
#13 0x00007fe6ea183c70 in PyRun_FileExFlags (fp=0x12e97a0, filename=
    0x7fff73c00fa3 "/usr/sbin/setroubleshootd", start=<value optimized out>, 
    globals=
    {'fork': False, 'set_category_level': <function at remote 0x7fe6e819ea28>, 'log_dbus': <Logger(name='dbus', parent=<RootLogger(name='root', parent=None, han---Type <return> to continue, or q <return> to quit---
dlers=[<SysLogHandler(socket=<_socketobject at remote 0x7fe6ea4ae520>, facility=1, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562138>, _RLock__count=0) at remote 0x7fe6e81bf310>, level=40, unixsocket=1, filters=[], address='/dev/log', formatter=<Formatter(datefmt=None, _fmt='setroubleshoot: [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6e81bcf80>) at remote 0x7fe6e81bcd88>, <FileHandler(stream=<file at remote 0x7fe6e81ab270>, level=0, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562168>, _RLock__count=0) at remote 0x7fe6e81bf3d0>, encoding=None, baseFilename='/var/log/setroubleshoot/setroubleshootd.log', mode='w', filters=[], formatter=<Formatter(datefmt=None, _fmt='%(asctime)s [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6...(truncated), locals=
    {'fork': False, 'set_category_level': <function at remote 0x7fe6e819ea28>, 'log_dbus': <Logger(name='dbus', parent=<RootLogger(name='root', parent=None, handlers=[<SysLogHandler(socket=<_socketobject at remote 0x7fe6ea4ae520>, facility=1, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562138>, _RLock__count=0) at remote 0x7fe6e81bf310>, level=40, unixsocket=1, filters=[], address='/dev/log', formatter=<Formatter(datefmt=None, _fmt='setroubleshoot: [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6e81bcf80>) at remote 0x7fe6e81bcd88>, <FileHandler(stream=<file at remote 0x7fe6e81ab270>, level=0, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__block=<thread.lock at remote 0x7fe6ea562168>, _RLock__count=0) at remote 0x7fe6e81bf3d0>, encoding=None, baseFilename='/var/log/setroubleshoot/setroubleshootd.log', mode='w', filters=[], formatter=<Formatter(datefmt=None, _fmt='%(asctime)s [%(name)s.%(levelname)s] %(message)s') at remote 0x7fe6...(truncated), closeit=1, flags=0x7fff73c00a50) at Python/pythonrun.c:1344
#14 0x00007fe6ea18515c in PyRun_SimpleFileExFlags (fp=0x12e97a0, filename=
    0x7fff73c00fa3 "/usr/sbin/setroubleshootd", closeit=1, flags=
    0x7fff73c00a50) at Python/pythonrun.c:948
#15 0x00007fe6ea191892 in Py_Main (argc=<value optimized out>, 
    argv=<value optimized out>) at Modules/main.c:618
#16 0x00007fe6e9474d1d in __libc_start_main (main=0x400710 <main>, argc=5, 
    ubp_av=0x7fff73c00b78, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=
    0x7fff73c00b68) at libc-start.c:226
#17 0x0000000000400649 in _start ()
(gdb)
Comment 7 Petr Lautrbach 2016-10-19 12:25:46 UTC 
Works for me with the latest rhel-6.8.z update:

[root@plautrba-rhel-6-i386 ~]# rpm -q setroubleshoot-server                                                            
setroubleshoot-server-3.0.47-12.el6_8.i686
[root@plautrba-rhel-6-i386 ~]# ps -efZ | grep setroubleshootd | grep -v grep
[root@plautrba-rhel-6-i386 ~]# ./pokus 
./pokus: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
[root@plautrba-rhel-6-i386 ~]# ps -efZ | grep setroubleshootd | grep -v grep
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1349 1 86 14:24 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f
[root@plautrba-rhel-6-i386 ~]# sleep 10; ps -efZ | grep setroubleshootd | grep -v grep
[root@plautrba-rhel-6-i386 ~]#
Comment 8 Milos Malik 2016-10-19 12:49:57 UTC 
Even though the latest version of setroubleshoot-server is installed, it still gets stuck:

# uname -a
Linux <removed>.redhat.com 2.6.32-642.el6.x86_64 #1 SMP Wed Apr 13 00:51:26 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
# rpm -qa setroubleshoot\*
setroubleshoot-server-3.0.47-12.el6_8.x86_64
setroubleshoot-plugins-3.0.40-2.el6.noarch
# gcc -o pokus -g -pie -m32 pokus.c
# file ./pokus
./pokus: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not stripped
# ps -efZ | grep setr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1802 1607  0 08:42 pts/0 00:00:00 grep setr
# ./pokus 
./pokus: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
# ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1805 1 36 08:43 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1808 1607  0 08:43 pts/0 00:00:00 grep setr
# sleep 60 ; ps -efZ | grep setr
system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 root 1805 1  3 08:43 ? 00:00:02 /usr/bin/python -Es /usr/sbin/setroubleshootd -f 
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1811 1607  0 08:44 pts/0 00:00:00 grep setr
#
Comment 9 Milos Malik 2016-10-19 13:28:34 UTC 
Situation remains the same even if the latest version of plugins is installed:

# rpm -qa setr\*
setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch
setroubleshoot-server-3.0.47-12.el6_8.x86_64
setroubleshoot-debuginfo-3.0.47-12.el6_8.x86_64
#
Comment 10 Petr Lautrbach 2016-10-20 11:37:13 UTC 
The behaviour seems to be indeterministic. Lets try to fix it setroubleshoot-plugins using the following patch: https://github.com/fedora-selinux/setroubleshoot/commit/578dd349f8d5bce24bd65ac7987e69db4096b7e3