Bug 855496

Summary: Syntax error displayed while executing sealert on audit.log
Product: Red Hat Enterprise Linux 6
Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: setroubleshoot
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.3
CC: ashetty, grajaiya, mmalik, sdharane, vbellur
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-18 16:12:27 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Gowrishankar Rajaiyan 2012-09-08 06:05:41 UTC
Description of problem:


Version-Release number of selected component (if applicable):
libselinux-python-2.0.94-5.3.el6.x86_64
libselinux-2.0.94-5.3.el6.x86_64
libselinux-utils-2.0.94-5.3.el6.x86_64
selinux-policy-3.7.19-155.el6_3.noarch
selinux-policy-targeted-3.7.19-155.el6_3.noarch
setroubleshoot-server-3.0.47-3.el6_3.x86_64
sanlock-2.3-3.el6_3.x86_64
sanlock-python-2.3-3.el6_3.x86_64
sanlock-lib-2.3-3.el6_3.x86_64

How reproducible:
Always

Steps to Reproduce: (probably not relevant)
1. Setup gluster volume.
2. Mount these volumes as storage using RHEV-M
3. sealert -a /var/log/audit/audit.log
  
Actual results:
[root@rhs-gp-srv9 ~]# sealert -a /var/log/audit/audit.log 
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346420380 (deleted); } 2>&1'
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346425766 (deleted); } 2>&1'
 11% donetype=AVC msg=audit(1346407511.152:6): avc:  denied  { chown } for  pid=3547 comm="sanlock" capability=0  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:9): avc:  denied  { search } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:8): avc:  denied  { setrlimit } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:7): avc:  denied  { dac_override } for  pid=3547 comm="sanlock" capability=1  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:10): avc:  denied  { signal } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:11): avc:  denied  { setgid } for  pid=3551 comm="sanlock" capability=6  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:12): avc:  denied  { setuid } for  pid=3551 comm="sanlock" capability=7  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

 12% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346429721 (deleted); } 2>&1'
 39% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346733554 (deleted); } 2>&1'
 40% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346735816 (deleted); } 2>&1'
 66% done'tuple' object has no attribute 'split'
100% doneERROR: failed to read complete file, 5786600 bytes read out of total 5781734 bytes (/var/log/audit/audit.log)
found 48 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------


Expected results: No syntax errors should be displayed


Additional info:

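The `sh: -c: line 0` errors above show a shell command string of the shape `{ rpm -qf <path>; } 2>&1` in which the file name, here carrying the ` (deleted)` marker Linux uses for an unlinked file's name, is interpolated unquoted, so its parentheses are parsed as shell syntax. As an added example that is not setroubleshoot's own code, the Python below contrasts that shape with a quoted form and with an argv-list call that bypasses the shell; the `rpm -qf` lookup and the `runner` hook are assumptions made for the illustration.

```python
"""Added example, not setroubleshoot's own code.

The `sh: -c: line 0: syntax error near unexpected token '('` lines in the
report come from a command string of the shape

    { rpm -qf /tmp/sh-thd-1346420380 (deleted); } 2>&1

being handed to `sh -c`.  The " (deleted)" marker Linux uses for an unlinked
file's name reaches the shell unquoted, and the parentheses are shell syntax;
any other metacharacter in a path recovered from an audit log would be
interpreted the same way, so the robust fix keeps the path out of the shell.
"""
import shlex
import subprocess

DELETED_SUFFIX = " (deleted)"
SHELL_METACHARS = set("()<>|&;$`\"'\\ \t\n*?[]{}~!#")

def fragile_command(path):
    """The shape seen in the bug: the path is pasted into a shell string unquoted."""
    return "{ rpm -qf %s; } 2>&1" % path

def needs_quoting(path):
    """True if the path would change meaning when handed to sh -c unquoted."""
    return any(c in SHELL_METACHARS for c in path)

def quoted_command(path):
    """Same shell command, but the path is made literal with shlex.quote."""
    return "{ rpm -qf %s; } 2>&1" % shlex.quote(path)

def strip_deleted_suffix(path):
    """Return (path, was_deleted); an unlinked temp file cannot be owned by a package."""
    if path.endswith(DELETED_SUFFIX):
        return path[: -len(DELETED_SUFFIX)], True
    return path, False

def owning_package(path, runner=subprocess.run):
    """Preferred form: no shell at all.  `runner` is an injectable hook (assumed
    here for offline testing); returns the package name or None."""
    clean, was_deleted = strip_deleted_suffix(path)
    if was_deleted:
        return None
    # argv list: each element is exactly one argument, so "(" and ";" stay literal.
    result = runner(["rpm", "-qf", clean], capture_output=True, text=True)
    return result.stdout.strip() if result.returncode == 0 else None
```
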
Comment 2 Milos Malik 2012-09-10 07:14:45 UTC
I believe this is a duplicate of BZ#851824.

Comment 3 Daniel Walsh 2012-09-18 16:12:27 UTC

*** This bug has been marked as a duplicate of bug 851824 ***