Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
There is not a specific reproducer, but what we could understand is that
apparently the issue started happening after installing the packages
glibc-2.34-60.el9.i686
glibc-gconv-extra-2.34-60.el9.i686
libgcc-11.3.1-4.3.el9.i686
Inspecting source code and doing experiments did not find any possible
issue, other than incorrect type in
https://github.com/linux-application-whitelisting/fapolicyd/blob/main/src/library/file.c#L680
where it should use ELf32_Dyn and not Elf64_Dyn. The types are different,
(Elf32_Dun is 8 bytes while Elf64_Dyn is 16 bytes) but further checking the
code it should only have issues on very special 32 bit libraries, possibly
ending in a segfault.
What really should have triggered the issue was that both, fapolicyd and
sudo were updated in the same transaction.
When attempting to debug the problem, the problem just gone away with a
restart of fapolicyd.
This bug report is now as just a heads up of possible issues, probably with
rpm-plugin-fapolicyd, the condition of updating fapolicyd and sudo in the
same transaction, and probably running the update from sudo or after sudo.