Description of problem:
The service will start but as soon as you try and view policy violations the service dies or it may die on a violation.

Version-Release number of selected component (if applicable):
setroubleshoot-1.10.7-1.fc8
selinux-policy-targeted-3.0.8-76.fc8

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
I believe this worked until a relabel was done of the /var/lib tree. Still will not run in permissive mode.
Are there errors in /var/log/setroubleshoot/setroubleshootd.log or /var/log/messages?
2008-01-24 19:35:19,686 [email.WARNING] cannot open file /var/lib/setroubleshoot/email_alert_recipients, No such file or directory
2008-01-24 19:35:54,956 [program.ERROR] Can not handle AVC'S related to dispatcher. exiting setroubleshoot context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0
This appears to be a labeling problem; I still need some more information to diagnose it. Would you please open up /var/log/audit/audit.log (as root), search for AVCs related to setroubleshoot, and copy the full text into this bug report? Thank you.
See bug 430195 where I attached a complete audit log file.
Re comment #4: this is a different issue. In bug 430195 binary data was incorrectly inserted into a text buffer because the audit message was incorrectly decoded; in this bug setroubleshoot is exiting because it generated an AVC, a recursive situation which must be broken out of by exiting the daemon.
Looks like a labeling issue that I'm trying to figure out with Dan Walsh. It appears that passwd file entries with a home directory in /var/lib are causing other /var/lib locations to get labeled as home directories; 430195. See the audit log entry below:
type=AVC msg=audit(1201582580.411:116): avc: denied { lock } for pid=3704 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev=dm-0 ino=26968074 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Changing a passwd file shell to /sbin/nologin and relabeling has fixed this issue.
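The diagnosis in this thread can be turned into a triage check. This is an added example, not code from the report or from setroubleshoot: it parses the AVC record quoted above and lists passwd accounts that would explain a user_home_t label outside /home. It assumes, as the thread suggests, that an account with a login shell and a home directory under a system directory causes that directory's other contents to be labeled as home directories. The passwd entries are constructed and the account names are hypothetical.

```python
import posixpath
import re

# AVC record copied from the report above.
AVC = ('type=AVC msg=audit(1201582580.411:116): avc: denied { lock } for pid=3704 '
       'comm="setroubleshootd" path="/var/lib/rpm/Packages" dev=dm-0 ino=26968074 '
       'scontext=system_u:system_r:setroubleshootd_t:s0 '
       'tcontext=system_u:object_r:user_home_t:s0 tclass=file')

# Constructed passwd entries (not from the report); account names are hypothetical.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
appsvc:x:501:501::/var/lib/appsvc:/bin/bash
rpcsvc:x:502:502::/var/lib/rpcsvc:/sbin/nologin
"""

NON_LOGIN_SHELLS = {"/sbin/nologin"}  # the shell the reporter switched to


def parse_avc(line):
    """Return the fields of an AVC denial needed for a labeling check."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    perms = re.search(r"\{ ([^}]*) \}", line)
    return {
        "perms": perms.group(1).split() if perms else [],
        "path": fields.get("path", "").strip('"'),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
    }


def suspect_accounts(avc, passwd_text, home_root="/home"):
    """Accounts whose home's parent directory contains a path typed user_home_t."""
    path = avc["path"]
    if avc["target_type"] != "user_home_t" or path.startswith(home_root + "/"):
        return []  # the label is plausible, nothing to explain
    hits = []
    for entry in passwd_text.splitlines():
        name, _, _, _, _, home, shell = entry.split(":")
        parent = posixpath.dirname(home.rstrip("/"))
        if shell in NON_LOGIN_SHELLS or parent in ("", "/"):
            continue  # non-login account, or home directly under /
        if path.startswith(parent + "/"):
            hits.append((name, home, shell))
    return hits
```

After correcting any account it reports, the affected tree still has to be relabeled, as the final comment notes.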