Bug 219004 - setroubleshootd dead when AVC for crossover on x86_64
setroubleshootd dead when AVC for crossover on x86_64
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: setroubleshoot (Show other bugs)
6
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-08 19:57 EST by han pingtian
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-26 22:17:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description han pingtian 2006-12-08 19:57:33 EST
Description of problem:
When run IE6 with crossover, a AVC happens. But the setroubleshootd dead
immediately. The log in /var/log/messages:

Dec  9 08:47:05 openfree setroubleshoot: 2006-12-09 08:47:05,594 [plugin.ERROR]
failed to retrieve rpm info for /home/hpt/cxofficebeta/bin/wine-preloader
Traceback (most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", l
ine 193, in get_rpm_nvr_by_file_path     mi = ts.dbMatch(rpm.RPMTAG_BASENAMES,
path) TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot: 2006-12-09 08:47:05,753 [plugin.ERROR]
failed to retrieve rpm info for
/home/hpt/.cxofficebeta/win98/drive_c/windows/system32/wmvds32.ax Traceback
(most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 193, in
get_rpm_nvr_by_file_path     mi = ts.dbMatch(rpm.RPMTAG_BASENAMES, path)
TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot: 2006-12-09 08:47:05,906 [plugin.ERROR]
failed to retrieve rpm info for selinux-policy Traceback (most recent call
last):   File "/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line
178, in get_rpm_nvr_by_name     mi = ts.dbMatch(rpm.RPMTAG_NAME, name)
TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot:      SELinux is preventing
/home/hpt/cxofficebeta/bin/wine-preloader from loading
/home/hpt/.cxofficebeta/win98/drive_c/windows/system32/wmvds32.ax which requires
text relocation.      For complete SELinux messages. run sealert -l
3bda52d7-4bc3-48d0-9249-7731287ad786
Dec  9 08:47:06 openfree setroubleshoot: 2006-12-09 08:47:06,663 [plugin.ERROR]
failed to retrieve rpm info for /home/hpt/cxofficebeta/bin/wine-preloader
Traceback (most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 193, in
get_rpm_nvr_by_file_path     mi = ts.dbMatch(rpm.RPMTAG_BASENAMES, path)
TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot: 2006-12-09 08:47:06,667 [plugin.ERROR]
failed to retrieve rpm info for
/home/hpt/.cxofficebeta/win98/drive_c/windows/system32/wmvds32.ax Traceback
(most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 193, in
get_rpm_nvr_by_file_path     mi = ts.dbMatch(rpm.RPMTAG_BASENAMES, path)
TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot: 2006-12-09 08:47:06,672 [plugin.ERROR]
failed to retrieve rpm info for selinux-policy Traceback (most recent call
last):   File "/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line
178, in get_rpm_nvr_by_name     mi = ts.dbMatch(rpm.RPMTAG_NAME, name)
TypeError: rpmdb open failed
Dec  9 08:47:06 openfree setroubleshoot:      SELinux is preventing
/home/hpt/cxofficebeta/bin/wine-preloader from loading
/home/hpt/.cxofficebeta/win98/drive_c/windows/system32/wmvds32.ax which requires
text relocation.      For complete SELinux messages. run sealert -l
3bda52d7-4bc3-48d0-9249-7731287ad786
Dec  9 08:47:08 openfree setroubleshoot: 2006-12-09 08:47:08,673 [program.ERROR]
Can not handle AVC'S related to dispatcher. exiting setroubleshoot
context=user_u:system_r:setroubleshootd_t:s0, AVC
scontext=user_u:system_r:setroubleshootd_t:s0
Dec  9 08:47:09 openfree setroubleshoot: 2006-12-09 08:47:09,089 [rpc.ERROR]
attempt to open server connection failed: (111, 'Connection refused')
Dec  9 08:47:11 openfree audispd: Socket error (32, 'Broken pipe')

Version-Release number of selected component (if applicable):
setroubleshoot-1.7.1-1.fc6.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 John Dennis 2006-12-18 13:11:34 EST
It looks like most of these errors come from RPM. Are you able to 'rpm -q xxx'
successfully? (where xxx is some installed rpm). New versions of setroubleshoot
handle the failure to query rpm more gracefully. If you update to latest does
the problem go away?
Comment 2 han pingtian 2006-12-19 09:16:27 EST
Yes, I can run the rpm command:
$ rpm -q setroubleshoot
setroubleshoot-1.7.1-1.fc6.noarch

but setroubleshootd dead by other AVC:

Dec 19 21:44:52 openfree setroubleshoot: 2006-12-19 21:44:52,038 [plugin.ERROR]
failed to retrieve rpm info for /usr/sbin/irqbal
ance Traceback (most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 193, in get_rpm_n
vr_by_file_path     mi = ts.dbMatch(rpm.RPMTAG_BASENAMES, path) TypeError: rpmdb
open failed                                    Dec 19 21:44:52 openfree
setroubleshoot: 2006-12-19 21:44:52,054 [plugin.ERROR] failed to retrieve rpm
info for net Traceback (m
ost recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 193, in
get_rpm_nvr_by_file_path
   mi = ts.dbMatch(rpm.RPMTAG_BASENAMES, path) TypeError: rpmdb open failed    
                                                Dec 19 21:44:52 openfree
setroubleshoot: 2006-12-19 21:44:52,083 [plugin.ERROR] failed to retrieve rpm
info for selinux-policy T
raceback (most recent call last):   File
"/usr/lib/python2.4/site-packages/setroubleshoot/util.py", line 178, in
get_rpm_nvr_by_
name     mi = ts.dbMatch(rpm.RPMTAG_NAME, name) TypeError: rpmdb open failed   
                                                Dec 19 21:44:52 openfree
setroubleshoot:      SELinux is preventing /usr/sbin/irqbalance (irqbalance_t)
"search" access to net (
proc_net_t).      For complete SELinux messages. run sealert -l
1f5176b6-709e-4f18-a7a5-6170f0973343
Dec 19 21:44:54 openfree setroubleshoot: 2006-12-19 21:44:54,150 [program.ERROR]
Can not handle AVC'S related to dispatcher. exiting setroubleshoot
context=user_u:system_r:setroubleshootd_t:s0, AVC
scontext=user_u:system_r:setroubleshootd_t:s0
Dec 19 21:44:57 openfree kernel: Inbound IN=ppp0 OUT= MAC= SRC=58.55.16.35
DST=125.33.137.189 LEN=66 TOS=0x00 PREC=0x00 TTL=51 I
D=4489 PROTO=UDP SPT=4672 DPT=4672 LEN=46                                      
                                                Dec 19 21:44:59 openfree kernel:
Inbound IN=ppp0 OUT= MAC= SRC=125.33.129.254 DST=125.33.137.189 LEN=48 TOS=0x00
PREC=0x00 TTL=1
27 ID=13771 DF PROTO=TCP SPT=3020 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
Dec 19 21:45:00 openfree audispd: Socket error (32, 'Broken pipe')
Comment 3 John Dennis 2006-12-19 10:47:14 EST
Thank you. I need some more information, I need to know the full content of the
AVC that is setroubleshoot is triggering. There are two ways to get this, the
first is probably the easiest.

1) Open your /var/log/audit/audit.log file and search for
"user_u:system_r:setroubleshootd_t". The AVC may actually be composed from
multiple lines, not all of which are labeled "AVC", but they will all share the
same audit message identifier, near the beginning of the line where you found
the above string should be something which looks like this:
"msg=audit(1163009763.767:14)" the string inside the parens is the message id,
if there are any other lines in the audit log file with the same message id I'll
need those as well, they all comprise one audit event.

2) setroubleshoot synthesizes these messages into one complete AVC event as
outlined above, the problem is the error reporting code does not dump the full
event. The second option is to change the error reporting code to dump the full
event. This can be done by editing as root
/usr/lib/python*/site-packages/setroubleshoot/avc_audit.py and somewhere around
line 70 you'll see

        log_program.error( "Can not handle AVC'S related to dispatcher. ...

We just want to add one more print statement to dump the full AVC, keeping the
same indendation, add this:

        log_program.error( "AVC=%s", str(avc))

then as root 

% service setroubleshoot restart

then then do whatever triggered the problem, the full content of the AVC should
be in the log file.

Thanks!
Comment 4 han pingtian 2006-12-19 21:34:18 EST
Aha, thank you very much. I had found that there are some files
in the /var/lib/rpm/, such as 'Packages', has the wrong context. 
I have changed them, and the problem has gone.

Thanks a lot!

Note You need to log in before you can comment on or make changes to this bug.