Description of problem: An AVC generated by setroubleshoot seems to have occurred and caused the daemon to shutdown. Mar 5 16:09:08 cirithungol setroubleshoot: [program.ERROR] setroubleshoot generated AVC, exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0 There was also a traceback: Traceback (most recent call last): File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339, in auto_save_callback self.save() File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316, in save self.sigs.write_xml('sigs', self.filepath) File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line 308, in write_xml f.write(self.get_xml_text_doc(obj_name)) KeyboardInterrupt Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit Version-Release number of selected component (if applicable): setroubleshoot-2.0.6-1.fc9.noarch Additional info: This happened with a new database, not the old (large) database from bug# 436032. More info attached.
Created attachment 296968 [details] setroubleshoot-avc-recursion.txt
Created attachment 296969 [details] audit_listener_database.xml
Created attachment 296970 [details] setroubleshootd.log
I also saw this in kernel messages: Mar 5 16:38:58 cirithungol setroubleshoot: [rpc.ERROR] attempt to open server connection failed: Connection refused After trying to restart the service several times it succeeded (first few tries failed to stop, but had OK on start, but still the browser could not connect). Moments ago: Traceback (most recent call last): File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339, in auto_save_callback self.save() File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316, in save self.sigs.write_xml('sigs', self.filepath) File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line 308, in write_xml f.write(self.get_xml_text_doc(obj_name)) KeyboardInterrupt Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit Exception in thread Thread-2 (most likely raised during interpreter shutdown): Traceback (most recent call last): File "/usr/lib/python2.5/threading.py", line 460, in __bootstrap File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 349, in run File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 315, in new_audit_record_handler File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 323, in new_audit_event_handler File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 60, in verify_avc File "/usr/lib/python2.5/logging/__init__.py", line 1015, in error File "/usr/lib/python2.5/logging/__init__.py", line 1101, in _log File "/usr/lib/python2.5/logging/__init__.py", line 1111, in handle File "/usr/lib/python2.5/logging/__init__.py", line 1148, in callHandlers File "/usr/lib/python2.5/logging/__init__.py", line 657, in handle File "/usr/lib/python2.5/logging/__init__.py", line 611, in release File "/usr/lib/python2.5/threading.py", line 114, in release <type 'exceptions.TypeError'>: 'NoneType' object is not callable Unhandled exception in thread started by Error in sys.excepthook: Original exception was: (nothing showed up here) I'll update/relabel and see if the new kernel works while I'm at it, will get back to this late tonight.
One more note, in comment #1 the attachment I had omitted this line but when that second traceback just occurred this line is repeated again just before (about 20 seconds) setroubleshoot goes down. Mar 5 16:44:38 cirithungol setroubleshoot: SELinux is preventing nmbd (nmbd_t) "sys_resource" to <Unknown> (nmbd_t). For complete SELinux messages. run sealert -l f27e6364-5635-4f02-944b-6631e336ea89 Source Context system_u:system_r:nmbd_t Target Context system_u:system_r:nmbd_t Target Objects None [ capability ] Source nmbd Source Path /usr/sbin/nmbd Port <Unknown> Host cirithungol Source RPM Packages samba-3.2.0-1.pre1.3.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-9.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name cirithungol Platform Linux cirithungol 2.6.25-0.82.rc3.git2.fc9 #1 SMP Sun Mar 2 23:05:25 EST 2008 i686 i686 Alert Count 2 First Seen Wed Mar 5 16:08:38 2008 Last Seen Wed Mar 5 16:44:38 2008 Local ID f27e6364-5635-4f02-944b-6631e336ea89 Line Numbers Raw Audit Messages host=cirithungol type=AVC msg=audit(1204764278.620:80): avc: denied { sys_resource } for pid=2620 comm="nmbd" capability=24 scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:system_r:nmbd_t:s0 tclass=capability host=cirithungol type=SYSCALL msg=audit(1204764278.620:80): arch=40000003 syscall=4 success=yes exit=315 a0=10 a1=b8b1e2d0 a2=13b a3=b8b19298 items=0 ppid=1 pid=2620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nmbd" exe="/usr/sbin/nmbd" subj=system_u:system_r:nmbd_t:s0 key=(null)
And restarting setroubleshoot again this traceback (third different one): Traceback (most recent call last): File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339, in auto_save_callback self.save() File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316, in save self.sigs.write_xml('sigs', self.filepath) File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line 308, in write_xml f.write(self.get_xml_text_doc(obj_name)) KeyboardInterrupt Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit self.stream.write(fs % msg) ValueError: I/O operation on closed file Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit self.stream.write(fs % msg) ValueError: I/O operation on closed file Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit self.stream.write(fs % msg) ValueError: I/O operation on closed file Traceback (most recent call last): File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit self.stream.write(fs % msg) ValueError: I/O operation on closed file The lib file is: 346926 40 -rw------- 1 system_u:object_r:setroubleshoot_var_lib_t 0 0 33 2008-03-05 16:51 audit_listener_database.xml and log file: 347073 8 -rw-r--r-- 1 system_u:object_r:setroubleshoot_var_log_t 0 0 4 2008-03-05 16:51 setroubleshootd.log
Heh.. before you pull out your hair, my / had zero free bytes due to something else going on. This probably caused the whole issue of course, writing to a file in /var.
Seems to be working ok with space on / now and I've gone through a few reboots without seeing this. So I'll close it not a bug since zero free space on / is a pretty big problem at any time.