Bug 727264

Summary: setroubleshoot not finding AVC denials
Product: [Fedora] Fedora Reporter: Tom <thomasbelvin>
Component: setroubleshootAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwalsh, germano.massullo, mgrepl, notting, rdieter
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-23 16:52:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tom 2011-08-01 17:19:15 UTC 
Description of problem:
I'm not sure exactly what's going on, but here's my problem.
I only get AVC denial messages in /var/log/messages and setroubleshoot isn't working. When I run 'semodule DB' I get:
'libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete context.' and new AVC denials don't show using 'ausearch -m avc -ts recent' or 'grep AVC /var/log/audit/audit.log | sedispatch'.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-11.fc17

How reproducible:
Everytime

Steps to Reproduce:
1.Get an AVC denial with SELinux set to enforcing, and program closes
2.setroubleshoot shows nothing wrong
3.Program runs fine with SELinux set to permissive
  
Actual results:
No AVC denial message with setroubleshoot

Expected results:
setroubleshoot shows what SELinux just blocked

Additional info:
Comment 1 Germano Massullo 2011-11-21 17:38:22 UTC 
This is happening to me in Fedora 16.
Programs well known to have problems with SELinux auto close or have malfunctions, but SELinux troubleshooter does not notify in taskbar.
I have KDE 4.7.3.

Tom could you change version to Fedora 16? I think it could be better
Comment 2 Daniel Walsh 2011-11-21 23:10:05 UTC 
The problem is on update auditd is not running.

systemctl enable auditd
systemctl start auditd

Then the auditd will start sending avc's to setroubleshoot.
Comment 3 Germano Massullo 2011-11-21 23:19:08 UTC 
[root@computer ]# systemctl enable auditd
Failed to issue method call: Invalid argument
Comment 4 Miroslav Grepl 2011-11-23 08:16:30 UTC 
systemctl enable auditd.service
systemctl start auditd.service

should work.
Comment 5 Daniel Walsh 2011-11-23 16:52:43 UTC 
Oops always forget the .service part.
Comment 6 Germano Massullo 2011-11-23 17:21:25 UTC 
Why did you close as not a bug? The system did not show SELinux errors until we do
systemctl enable auditd.service
systemctl start auditd.service
That's not normal
Comment 7 Daniel Walsh 2011-11-23 17:48:25 UTC 
Well I guess I should have closed it as cantfix, since updates from F15 to F16 did not maintain the state of running services.  I am not sure why this decision was made, but that is what caused the problem. Nothing audit, setroubleshoot or selinux can do about it.
Comment 8 Germano Massullo 2011-11-23 20:46:40 UTC 
I don't understand well these technical things, but we must let know developer leaders that SELinux troubleshooter is no longer working, and this is not admissable.
Comment 9 Daniel Walsh 2011-11-29 01:55:53 UTC 
Yes I understand.  On fresh installs it will work, but on updates no system services that were working before work afterwards.
Comment 10 Germano Massullo 2011-11-29 10:55:27 UTC 
Then someone should put
systemctl enable auditd.service
systemctl start auditd.service
under upgrade FAQs from Fedora 15 to Fedora 16
Comment 11 Daniel Walsh 2011-11-29 21:04:30 UTC 
Bill who should I ping to do this?
Comment 12 Bill Nottingham 2011-11-29 21:36:37 UTC 
It's on the wiki - https://fedoraproject.org/wiki/Common_F16_bugs
Comment 13 Daniel Walsh 2011-11-30 17:24:56 UTC 
Maybe we should call this out on setroubleshoot directly.