Bug 430194 - Service starts but then dies
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 8
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: John Dennis
QA Contact: Fedora Extras Quality Assurance
Depends On: 430195
Reported: 2008-01-25 04:18 UTC by David Highley
Modified: 2008-01-30 15:24 UTC

Doc Type: Bug Fix
Last Closed: 2008-01-30 15:24:21 UTC
Description David Highley 2008-01-25 04:18:46 UTC
Description of problem:
The service will start but as soon as you try and view policy violations the
service dies or it may die on a violation.

Version-Release number of selected component (if applicable):
setroubleshoot-1.10.7-1.fc8
selinux-policy-targeted-3.0.8-76.fc8

Additional info:
I believe this worked until a relabel was done of the /var/lib tree. Still will
not run in permissive mode.

Comment 1 John Dennis 2008-01-25 13:33:01 UTC
Are there errors in /var/log/setroubleshoot/setroubleshootd.log or
/var/log/messages?



Comment 2 David Highley 2008-01-26 04:40:37 UTC
2008-01-24 19:35:19,686 [email.WARNING] cannot open file
/var/lib/setroubleshoot/email_alert_recipients, No such file or directory
2008-01-24 19:35:54,956 [program.ERROR] Can not handle AVC'S related to
dispatcher. exiting
setroubleshoot context=system_u:system_r:setroubleshootd_t:s0, AVC
scontext=system_u:system_r:setroubleshootd_t:s0

Comment 3 John Dennis 2008-01-28 16:10:52 UTC
This appears to be a labeling problem, but I still need some more information to
diagnose it. Would you please open up /var/log/audit/audit.log (as root),
search for AVCs related to setroubleshoot, and copy the full text into this bug
report? Thank you.

Comment 4 David Highley 2008-01-29 04:28:06 UTC
See bug 430195 where I attached a complete audit log file.

Comment 5 John Dennis 2008-01-29 14:00:14 UTC
Re comment #4: this is a different issue. In bug 430195, binary data was
incorrectly inserted into a text buffer because the audit message was
incorrectly decoded. In this bug, setroubleshoot is exiting because it generated
an AVC, a recursive situation which must be broken out of by exiting the daemon.

Comment 6 David Highley 2008-01-29 14:55:35 UTC
Looks like a labeling issue that I'm trying to figure out with Dan Walsh. It
appears that passwd file entries with a home directory in /var/lib are causing
other /var/lib locations to get labeled as home directories; 430195. See the
audit log entry below:
type=AVC msg=audit(1201582580.411:116): avc:  denied  { lock } for  pid=3704
comm="setroubleshootd" path="/var/lib/rpm/Packages" dev=dm-0 ino=26968074
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:user_home_t:s0 tclass=file

Comment 7 David Highley 2008-01-30 15:24:21 UTC
Changing a passwd file shell to /sbin/nologin and relabeling has fixed this issue.
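
Added example (not part of the bug report and not setroubleshoot code): a check that ties the denial quoted in comment 6 to the cause named in comments 6 and 7, a login-capable passwd entry whose home directory sits under /var/lib. The account name "appsvc", the passwd lines and the non-login shell list are constructed assumptions, and treating the login shell as the deciding factor is inferred from the fix in comment 7.

```python
import re

# Constructed input: the AVC record from comment 6, joined onto one line.
AVC = ('type=AVC msg=audit(1201582580.411:116): avc:  denied  { lock } for  pid=3704 '
       'comm="setroubleshootd" path="/var/lib/rpm/Packages" dev=dm-0 ino=26968074 '
       'scontext=system_u:system_r:setroubleshootd_t:s0 '
       'tcontext=system_u:object_r:user_home_t:s0 tclass=file')

# Constructed passwd entries; "appsvc" is a hypothetical account.
PASSWD = """root:x:0:0:root:/root:/bin/bash
david:x:500:500::/home/david:/bin/bash
appsvc:x:501:501::/var/lib/appsvc:/bin/bash
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
"""

NON_LOGIN = {"/sbin/nologin", "/bin/false"}    # assumed set of non-login shells
HOME_TYPES = {"user_home_t", "user_home_dir_t"}

def parse_avc(line):
    """Return an AVC record's key=value fields plus its permission list, or None."""
    if "type=AVC" not in line:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    perms = re.search(r"\{([^}]*)\}", line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec

def home_roots(passwd_text, expected=("/", "/home")):
    """Map unexpected parent directories of login-capable homes to account names."""
    roots = {}
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) != 7 or fields[6] in NON_LOGIN:
            continue
        parent = fields[5].rstrip("/").rsplit("/", 1)[0] or "/"
        if parent not in expected:
            roots.setdefault(parent, []).append(fields[0])
    return roots

def suspect_accounts(avc_line, passwd_text):
    """Accounts whose home location could explain a home label on the denied path."""
    rec = parse_avc(avc_line)
    if rec is None or "path" not in rec:
        return []
    ttype = (rec.get("tcontext", "").split(":") + ["", "", ""])[2]
    if ttype not in HOME_TYPES:
        return []
    return sorted(name for root, names in home_roots(passwd_text).items()
                  if rec["path"].startswith(root + "/") for name in names)

if __name__ == "__main__":
    print(suspect_accounts(AVC, PASSWD))
```

An empty result after the shell change only means no passwd entry explains the label any more; files already mislabeled keep their context until the relabel mentioned in comment 7.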

