Bug 1442541 - sealert couldn't report about SELinux problems
Summary: sealert couldn't report about SELinux problems
Keywords:
Status: CLOSED DUPLICATE of bug 1444549
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 26
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-15 10:31 UTC by Mikhail
Modified: 2017-04-24 11:39 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-04-24 11:39:33 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
screenshot (10.98 KB, image/png)
2017-04-15 10:31 UTC, Mikhail 		no flags Details
View All

Description Mikhail 2017-04-15 10:31:12 UTC 
Created attachment 1271779 [details]
screenshot

Description of problem:
sealert couldn't report about SELinux problems

# rpm -q setroubleshoot-server
setroubleshoot-server-3.3.11-3.fc26.x86_64
Comment 1 Petr Lautrbach 2017-04-17 15:04:56 UTC 
Could you please provide more information about things you did and possibly if there's anything in journal related to setroubleshooot or sealert? Is it reproducible? How?
Comment 2 Petr Lautrbach 2017-04-18 05:35:27 UTC 
Could be the same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1436996
Comment 3 Mikhail 2017-04-20 20:22:04 UTC 
> Is it reproducible?
Yes, alway reproducible on any SELinux problem.


For example:
journalctl  -xe
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/lib/python3.6/site-packages/setroubleshoot/browser.py", line 800, in show_current_alert
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     rb = self.add_row(p, alert, args)
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/lib/python3.6/site-packages/setroubleshoot/browser.py", line 437, in add_row
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     if_text = _("If ") + alert.substitute(plugin.get_if_text(avc, args))
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/share/setroubleshoot/plugins/catchall_boolean.py", line 60, in get_if_text
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     txt=seobject.boolean_desc(args[0])
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]: AttributeError: module 'seobject' has no attribute 'boolean_desc'
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]: Traceback (most recent call last):
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/lib/python3.6/site-packages/setroubleshoot/browser.py", line 832, in on_next_button_clicked
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     self.show_current_alert()
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/lib/python3.6/site-packages/setroubleshoot/browser.py", line 800, in show_current_alert
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     rb = self.add_row(p, alert, args)
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/lib/python3.6/site-packages/setroubleshoot/browser.py", line 437, in add_row
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     if_text = _("If ") + alert.substitute(plugin.get_if_text(avc, args))
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:   File "/usr/share/setroubleshoot/plugins/catchall_boolean.py", line 60, in get_if_text
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]:     txt=seobject.boolean_desc(args[0])
Apr 21 01:20:40 localhost.localdomain org.fedoraproject.Setroubleshootd[1513]: AttributeError: module 'seobject' has no attribute 'boolean_desc'
Apr 21 01:20:43 localhost.localdomain audit[773]: USER_AVC pid=773 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=signal in
                                                   exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Apr 21 01:20:46 localhost.localdomain audit[773]: USER_AVC pid=773 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=signal in
                                                   exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Apr 21 01:20:57 localhost.localdomain audit[773]: USER_AVC pid=773 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=signal in
                                                   exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Apr 21 01:21:00 localhost.localdomain systemd[1]: Starting The PHP FastCGI Process Manager...
-- Subject: Unit php-fpm.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit php-fpm.service has begun starting up.
Apr 21 01:21:00 localhost.localdomain audit[14571]: AVC avc:  denied  { execmem } for  pid=14571 comm="php-fpm" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissi
Apr 21 01:21:00 localhost.localdomain audit[14571]: AVC avc:  denied  { execmem } for  pid=14571 comm="php-fpm" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissi
Apr 21 01:21:00 localhost.localdomain audit[773]: USER_AVC pid=773 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_ca
                                                   exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Apr 21 01:21:00 localhost.localdomain php-fpm[14571]: [21-Apr-2017 01:21:00] ERROR: [pool synergy] cannot get uid for user 'synergy'
Apr 21 01:21:00 localhost.localdomain php-fpm[14571]: [21-Apr-2017 01:21:00] ERROR: FPM initialization failed
Apr 21 01:21:00 localhost.localdomain systemd[1]: php-fpm.service: Main process exited, code=exited, status=78/n/a
Apr 21 01:21:00 localhost.localdomain systemd[1]: Failed to start The PHP FastCGI Process Manager.
-- Subject: Unit php-fpm.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit php-fpm.service has failed.
-- 
-- The result is failed.
Apr 21 01:21:00 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=php-fpm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=
Apr 21 01:21:00 localhost.localdomain systemd[1]: php-fpm.service: Unit entered failed state.
Apr 21 01:21:00 localhost.localdomain systemd[1]: php-fpm.service: Failed with result 'exit-code'.
Apr 21 01:21:00 localhost.localdomain audit[773]: USER_AVC pid=773 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=signal in
                                                   exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Apr 21 01:21:03 localhost.localdomain setroubleshoot[14484]: SELinux is preventing php-fpm from using the execmem access on a process. For complete SELinux messages. run sealert -l 371d46e9-4971-4d96-88a1-9f7897
Apr 21 01:21:03 localhost.localdomain setroubleshoot[14484]: Exception during AVC analysis: module 'seobject' has no attribute 'boolean_desc'
Comment 4 Mikhail 2017-04-20 20:24:35 UTC 
this is unbelievable, but
# setenforce 0
not help anymore
Comment 5 Vit Mojzis 2017-04-24 11:39:33 UTC 

*** This bug has been marked as a duplicate of bug 1444549 ***
Note You need to log in before you can comment on or make changes to this bug.