This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 436233 - setroubleshoot generated AVC, exiting to avoid recursion
setroubleshoot generated AVC, exiting to avoid recursion
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: setroubleshoot (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: John Dennis
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-05 19:35 EST by Andrew Farris
Modified: 2008-03-06 03:34 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-06 03:34:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
setroubleshoot-avc-recursion.txt (8.98 KB, text/plain)
2008-03-05 19:35 EST, Andrew Farris
no flags Details
audit_listener_database.xml (32.03 KB, text/xml)
2008-03-05 19:37 EST, Andrew Farris
no flags Details
setroubleshootd.log (3.48 KB, text/plain)
2008-03-05 19:37 EST, Andrew Farris
no flags Details

  None (edit)
Description Andrew Farris 2008-03-05 19:35:48 EST
Description of problem:
An AVC generated by setroubleshoot seems to have occurred and caused the daemon
to shutdown.

Mar  5 16:09:08 cirithungol setroubleshoot: [program.ERROR] setroubleshoot
generated AVC, exiting to avoid recursion,
context=system_u:system_r:setroubleshootd_t:s0, AVC
scontext=system_u:system_r:setroubleshootd_t:s0

There was also a traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339,
in auto_save_callback
    self.save()
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316,
in save
    self.sigs.write_xml('sigs', self.filepath)
  File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line
308, in write_xml
    f.write(self.get_xml_text_doc(obj_name))
KeyboardInterrupt
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit


Version-Release number of selected component (if applicable):
setroubleshoot-2.0.6-1.fc9.noarch

Additional info:
This happened with a new database, not the old (large) database from bug# 436032.

More info attached.
Comment 1 Andrew Farris 2008-03-05 19:35:48 EST
Created attachment 296968 [details]
setroubleshoot-avc-recursion.txt
Comment 2 Andrew Farris 2008-03-05 19:37:08 EST
Created attachment 296969 [details]
audit_listener_database.xml
Comment 3 Andrew Farris 2008-03-05 19:37:36 EST
Created attachment 296970 [details]
setroubleshootd.log
Comment 4 Andrew Farris 2008-03-05 19:46:50 EST
I also saw this in kernel messages:
Mar  5 16:38:58 cirithungol setroubleshoot: [rpc.ERROR] attempt to open server
connection failed: Connection refused

After trying to restart the service several times it succeeded (first few tries
failed to stop, but had OK on start, but still the browser could not connect).

Moments ago:
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339,
in auto_save_callback
    self.save()
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316,
in save
    self.sigs.write_xml('sigs', self.filepath)
  File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line
308, in write_xml
    f.write(self.get_xml_text_doc(obj_name))
KeyboardInterrupt
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit
Exception in thread Thread-2 (most likely raised during interpreter shutdown):
Traceback (most recent call last):
  File "/usr/lib/python2.5/threading.py", line 460, in __bootstrap
  File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 349,
in run
  File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 315,
in new_audit_record_handler
  File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 323,
in new_audit_event_handler
  File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 60,
in verify_avc
  File "/usr/lib/python2.5/logging/__init__.py", line 1015, in error
  File "/usr/lib/python2.5/logging/__init__.py", line 1101, in _log
  File "/usr/lib/python2.5/logging/__init__.py", line 1111, in handle
  File "/usr/lib/python2.5/logging/__init__.py", line 1148, in callHandlers
  File "/usr/lib/python2.5/logging/__init__.py", line 657, in handle
  File "/usr/lib/python2.5/logging/__init__.py", line 611, in release
  File "/usr/lib/python2.5/threading.py", line 114, in release
<type 'exceptions.TypeError'>: 'NoneType' object is not callable
Unhandled exception in thread started by 
Error in sys.excepthook:

Original exception was:

(nothing showed up here)

I'll update/relabel and see if the new kernel works while I'm at it, will get
back to this late tonight.
Comment 5 Andrew Farris 2008-03-05 19:51:20 EST
One more note, in comment #1 the attachment I had omitted this line but when
that second traceback just occurred this line is repeated again just before
(about 20 seconds) setroubleshoot goes down.

Mar  5 16:44:38 cirithungol setroubleshoot: SELinux is preventing nmbd (nmbd_t)
"sys_resource" to <Unknown> (nmbd_t). For complete SELinux messages. run sealert
-l f27e6364-5635-4f02-944b-6631e336ea89

Source Context                system_u:system_r:nmbd_t
Target Context                system_u:system_r:nmbd_t
Target Objects                None [ capability ]
Source                        nmbd
Source Path                   /usr/sbin/nmbd
Port                          <Unknown>
Host                          cirithungol
Source RPM Packages           samba-3.2.0-1.pre1.3.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-9.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     cirithungol
Platform                      Linux cirithungol 2.6.25-0.82.rc3.git2.fc9 #1 SMP
                              Sun Mar 2 23:05:25 EST 2008 i686 i686
Alert Count                   2
First Seen                    Wed Mar  5 16:08:38 2008
Last Seen                     Wed Mar  5 16:44:38 2008
Local ID                      f27e6364-5635-4f02-944b-6631e336ea89
Line Numbers                  

Raw Audit Messages            

host=cirithungol type=AVC msg=audit(1204764278.620:80): avc:  denied  {
sys_resource } for  pid=2620 comm="nmbd" capability=24
scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:system_r:nmbd_t:s0
tclass=capability

host=cirithungol type=SYSCALL msg=audit(1204764278.620:80): arch=40000003
syscall=4 success=yes exit=315 a0=10 a1=b8b1e2d0 a2=13b a3=b8b19298 items=0
ppid=1 pid=2620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="nmbd" exe="/usr/sbin/nmbd"
subj=system_u:system_r:nmbd_t:s0 key=(null)
Comment 6 Andrew Farris 2008-03-05 19:54:38 EST
And restarting setroubleshoot again this traceback (third different one):
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 339,
in auto_save_callback
    self.save()
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 316,
in save
    self.sigs.write_xml('sigs', self.filepath)
  File "/usr/lib/python2.5/site-packages/setroubleshoot/xml_serialize.py", line
308, in write_xml
    f.write(self.get_xml_text_doc(obj_name))
KeyboardInterrupt
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit
    self.stream.write(fs % msg)
ValueError: I/O operation on closed file
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit
    self.stream.write(fs % msg)
ValueError: I/O operation on closed file
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit
    self.stream.write(fs % msg)
ValueError: I/O operation on closed file
Traceback (most recent call last):
  File "/usr/lib/python2.5/logging/__init__.py", line 750, in emit
    self.stream.write(fs % msg)
ValueError: I/O operation on closed file


The lib file is:
346926   40 -rw-------  1 system_u:object_r:setroubleshoot_var_lib_t 0 0   33
2008-03-05 16:51 audit_listener_database.xml

and log file:
347073 8 -rw-r--r--  1 system_u:object_r:setroubleshoot_var_log_t 0 0 4
2008-03-05 16:51 setroubleshootd.log
Comment 7 Andrew Farris 2008-03-05 20:00:29 EST
Heh.. before you pull out your hair, my / had zero free bytes due to something
else going on.  This probably caused the whole issue of course, writing to a
file in /var.
Comment 8 Andrew Farris 2008-03-06 03:34:46 EST
Seems to be working ok with space on / now and I've gone through a few reboots
without seeing this.  So I'll close it not a bug since zero free space on / is a
pretty big problem at any time.

Note You need to log in before you can comment on or make changes to this bug.