| Summary: | corrupt tpath value in setroubleshoot_database.xml | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | David Hull <hull> | ||||||
| Component: | setroubleshoot | Assignee: | Daniel Walsh <dwalsh> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 14 | CC: | dwalsh, mgrepl | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-05-25 15:01:41 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Attachments: |
|
||||||||
Do you have the AVC's that are causing this? Created attachment 492993 [details]
setroubleshoot_database.xml (truncated)
Entries from setroubleshoot_database.xml with bad tpath values.
Created attachment 492995 [details]
audit.log (truncated)
These are the entries from /var/log/audit/audit.log that are related to the first entry in the setroubleshoot_database.xml attachment. Is this what you're looking for?
The code falsely assumed 1271 was a hex string and translated it into an unprintable string. I added a check to make sure the string is printable after hex translation. fixed in setroubleshoot-3.0.33.f14 |
Description of problem: My system's /var/lib/setroubleshoot/setroubleshoot_database.xml file is getting bad tpath values, which is preventing sealert from working. Version-Release number of selected component (if applicable): setroubleshoot-3.0.30-1.fc14.x86_64 setroubleshoot-server-3.0.30-1.fc14.x86_64 setroubleshoot-plugins-3.0.13-1.fc14.noarch How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: (The following excerpts are pasted from lessing the file. The "^V" is control-v, etc.) <tpath>^V)</tpath> <tpath>^R^C</tpath> [root@dale rpmbuild]# sealert -l 5728427c-b7fd-4083-b645-7b001792af11 Entity: line 59: parser error : PCDATA invalid Char value 23 <tpath></tpath> ^ Entity: line 59: parser error : PCDATA invalid Char value 23 <tpath></tpath> ^ The /var/adm/messages files has lines like: Apr 14 15:37:37 dale setroubleshoot: SELinux is preventing /bin/ps from search access on the directory #021 <88>. For complete SELinux messages. run sealert -l 552ef619-d8c6-4e88-ba7c-bceda7928e3b Here, the "<88>" is the character \0x88. Finally, /var/log/setroubleshoot/setroubleshootd.log contains: 2011-04-14 16:51:21,310 [xml.ERROR] read_xml_file() libxml2.parserError: xmlParseFile() failed 2011-04-14 16:56:25,082 [avc.ERROR] Plugin Exception catchall Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/setroubleshoot/analyze.py", line 191, in analyze_avc report = plugin.analyze(avc) File "/usr/share/setroubleshoot/plugins/catchall.py", line 67, in analyze summary = self.summary + " on " + avc.tpath + "." UnicodeDecodeError: 'utf8' codec can't decode byte 0x97 in position 1: invalid start byte 2011-04-14 17:50:19,538 [rpc.ERROR] could not send data on socket ({unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x5c25b40): Broken pipe Expected results: Additional info: