Bug 820286

Summary: Audit log gets filled with a call to rpm by qemu-kvm that has not been escaped properly
Product: Fedora
Component: setroubleshoot
Version: 16
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Type: Bug
Doc Type: Bug Fix
Reporter: Edvard Fagerholm <edvard.fagerholm>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: amit.shah, berrange, cfergeau, dwalsh, dwmw2, ehabkost, itamar, knoel, mgrepl, pbonzini, scottt.tw, virt-maint
Last Closed: 2012-05-20 23:54:11 UTC

Description Edvard Fagerholm 2012-05-09 14:14:04 UTC
Description of problem:

Yanking a USB stick for a Garmin HRM while it has been passed to a Win 7 VM under virt-manager causes setroubleshootd to consume 100% CPU and 2G of memory, and audit.log gets filled with the following:

type=SYSCALL msg=audit(1336526335.863:206633): arch=c000003e syscall=16 success=no exit=-13 a0=1b a1=4008550d a2=7fff12ffb3a0 a3=7fff12ffb530 items=0 ppid=1 pid=13343 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c298,c678 key=(null)
type=AVC msg=audit(1336526335.863:206634): avc:  denied  { ioctl } for  pid=13343 comm="qemu-kvm" path=2F6465762F6275732F7573622F3030312F303038202864656C6574656429 dev="devtmpfs" ino=523297 scontext=system_u:system_r:svirt_t:s0:c298,c678 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file

The following happens when trying to parse the content of audit.log in order to run audit2allow:

# sealert -a /var/log/audit/audit.log
  0% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /dev/bus/usb/001/008 (deleted); } 2>&1'
sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /dev/bus/usb/001/008 (deleted); } 2>&1'
sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /dev/bus/usb/001/008 (deleted); } 2>&1'
sh: -c: line 0: syntax error near unexpected token `('

and keeps printing this forever, since audit.log is over 100MB.

Version-Release number of selected component (if applicable):

Fedora 16 with all current updates as of 5/9/2012.

How reproducible:

Happens every time.
  
Actual results:

System gets unresponsive since setroubleshootd uses all CPU and memory and starts thrashing the disk.

Expected results:

Win 7 should react as if it were a USB stick pulled out of a physical machine it was installed on. Nothing else should happen.

Comment 1 Daniel Walsh 2012-05-09 17:24:43 UTC
Strange, I don't get this error with setroubleshoot in F17.

But we should definitely add a check to make sure the file exists.

If you run ausearch -m avc, what output are you getting?
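
Added example, not part of this bug report or of setroubleshoot's own code: it decodes the hex-encoded path= field of an AVC record like the one quoted in the description, shows the shell-string pattern that produced the `sh: -c` syntax errors, and the hardened form (strip the kernel's " (deleted)" marker, check that the file still exists as comment 1 suggests, and call rpm with an argv so no shell parses the path). The sample record and all function names are constructed for this example.

```python
import os
import re
import subprocess

# Constructed sample, modelled on the AVC record quoted in this report; auditd
# hex-encoded the path because it contains a space and parentheses.
SAMPLE_AVC = (
    'type=AVC msg=audit(1336526335.863:206634): avc:  denied  { ioctl } for  '
    'pid=13343 comm="qemu-kvm" '
    'path=2F6465762F6275732F7573622F3030312F303038202864656C6574656429 '
    'dev="devtmpfs" ino=523297 scontext=system_u:system_r:svirt_t:s0:c298,c678 '
    'tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file'
)
DELETED_SUFFIX = ' (deleted)'  # appended by the kernel to the path of an unlinked file

def avc_path(record):
    """Return the path= field of an AVC record; auditd writes the field as hex when
    it contains whitespace, quotes or control characters, else double-quoted."""
    m = re.search(r'\bpath=(?:"([^"]*)"|([0-9A-Fa-f]+))(?=\s|$)', record)
    if not m:
        return None
    if m.group(1) is not None:
        return m.group(1)
    return bytes.fromhex(m.group(2)).decode('utf-8', 'replace')

def unsafe_rpm_cmd(path):
    """The pattern this bug is about: the raw path is spliced into a shell command
    line, so '(deleted)' (or any shell metacharacter) breaks the parse."""
    return '{ rpm -qf %s; } 2>&1' % path

def rpm_owner_argv(path):
    """Hardened form: drop the kernel's ' (deleted)' marker, refuse a path that no
    longer exists (the check suggested in comment 1), and build an argv so that
    no shell ever interprets the path."""
    if path.endswith(DELETED_SUFFIX):
        path = path[:-len(DELETED_SUFFIX)]
    if not os.path.exists(path):
        return None
    return ['rpm', '-qf', '--', path]

def rpm_owner(path):
    """Run rpm -qf without a shell; None if the path is gone or rpm is not installed."""
    argv = rpm_owner_argv(path)
    if argv is None:
        return None
    try:
        r = subprocess.run(argv, capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return r.stdout.strip() if r.returncode == 0 else None
```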

Comment 2 Daniel Walsh 2012-05-09 18:08:03 UTC
Fixed in setroubleshoot-3.1.11-1.fc16

Comment 3 Fedora Update System 2012-05-09 18:20:16 UTC
setroubleshoot-3.1.11-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/setroubleshoot-3.1.11-1.fc16

Comment 4 Fedora Update System 2012-05-10 14:32:46 UTC
Package setroubleshoot-3.1.11-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing setroubleshoot-3.1.11-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7549/setroubleshoot-3.1.11-1.fc16
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-05-20 23:54:11 UTC
setroubleshoot-3.1.11-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.