Bug 511835 - setroubleshoot eats memory then dies
Summary: setroubleshoot eats memory then dies
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 517000
TreeView+ depends on / blocked
 
Reported: 2009-07-15 10:19 UTC by David Woodhouse
Modified: 2010-01-19 20:47 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-19 20:47:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
output from 'setroubleshootd -f -V' (1.38 MB, application/octet-stream)
2009-07-15 10:31 UTC, David Woodhouse 		no flags Details
/var/lib/setroubleshoot/audit_listener_database.xml (275.82 KB, application/octet-stream)
2009-07-15 10:37 UTC, David Woodhouse 		no flags Details
View All

Description David Woodhouse 2009-07-15 10:19:52 UTC 
setroubleshoot seems to keep restarting. A strace shows it just allocating more and more memory with brk(). The log keeps truncating itself but once I saw this, repeating over and over and over again....

  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 283, in prune
    self.delete_signature(sig)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 283, in prune
    self.delete_signature(sig)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 283, in prune
    self.delete_signature(sig)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 283, in prune
    self.delete_signature(sig)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 283, in prune
    self.delete_signature(sig)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 417, in delete_signature
    self.mark_modified()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 333, in mark_modified
    self.save()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 319, in save
    self.prune()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 250, in prune
    self.sigs.signature_list.sort(lambda a,b: cmp(a.last_seen_date, b.last_seen_date))
  File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 250, in <lambda>
    self.sigs.signature_list.sort(lambda a,b: cmp(a.last_seen_date, b.last_seen_date))
AttributeError: TimeStamp instance has no attribute '__coerce__'
tail: setroubleshootd.log: file truncated




setroubleshoot-2.1.14-1.fc11.i586

This is a Fedora 9 machine which I've just updated to Fedora 11 with yum.
Comment 1 David Woodhouse 2009-07-15 10:31:13 UTC 
Created attachment 353803 [details]
output from 'setroubleshootd -f -V'
Comment 2 David Woodhouse 2009-07-15 10:37:49 UTC 
Created attachment 353804 [details]
/var/lib/setroubleshoot/audit_listener_database.xml

Removing the audit_listener_database made it happy again.
Comment 3 David Woodhouse 2009-07-15 10:57:54 UTC 
hm, I'm still getting this...

Message from syslogd@casper at Jul 15 11:54:01 ...
 sedispatch: AVC Message for setroubleshoot, dropping message
Comment 4 David Woodhouse 2009-07-15 11:02:46 UTC 
It's dying when it gets a SIGALRM...

[root@casper setroubleshoot]# setroubleshootd -f -V
2009-07-15 11:59:59,839 [database.DEBUG] created new database: name=audit_listener, friendly_name=Audit Listener, filepath=/var/lib/setroubleshoot/audit_listener_database.xml
2009-07-15 11:59:59,857 [database.DEBUG] database version 3.0 compatible with current 3.0 version
2009-07-15 12:00:00,164 [plugin.DEBUG] load_plugins() names=['user_tcp_server', 'allow_java_execstack', 'httpd_can_network_relay', 'httpd_bad_labels', 'public_content', 'allow_execheap', 'allow_httpd_sys_script_anon_write', 'httpd_enable_ftp_server', 'home_tmp_bad_labels', 'pppd_can_insmod', 'cvs_data', 'samba_export_all_ro', 'filesystem_associate', 'allow_ypbind', 'httpd_use_cifs', 'bind_ports', 'spamd_enable_home_dirs', 'use_nfs_home_dirs', 'qemu_blk_image', 'httpd_enable_homedirs', 'fcron_crond', 'ftpd_is_daemon', 'connect_ports', 'allow_mplayer_execstack', 'samba_share_nfs', 'allow_mount_anyfile', 'allow_smbd_anon_write', 'allow_ftpd_full_access', 'execute', 'rsync_data', 'samba_share', 'squid_connect_any', 'qemu_file_image', 'secure_mode_policyload', 'stunnel_is_daemon', 'allow_ftpd_use_cifs', 'httpd_enable_cgi', 'httpd_unified', 'httpd_tty_comm', 'swapfile', 'httpd_can_network_connect', 'allow_execstack', 'allow_daemons_use_tty', 'allow_zebra_write_config', 'device', 'prelink_mislabled', 'allow_execmem', 'read_default_t', 'httpd_use_nfs', 'allow_ftpd_anon_write', 'allow_saslauthd_read_shadow', 'allow_rsync_anon_write', 'automount_exec_config', 'nfs_export_all_rw', 'catchall', 'default', 'mounton', 'nfs_export_all_ro', 'catchall_boolean', 'allow_cvs_read_shadow', 'xen_image', 'allow_httpd_anon_write', 'httpd_builtin_scripting', 'httpd_can_network_connect_db', 'secure_mode_insmod', 'use_samba_home_dirs', 'samba_export_all_rw', 'file', 'allow_daemons_dump_core', 'allow_kerberos', 'samba_enable_home_dirs', 'named_write_master_zones', 'httpd_ssi_exec', 'restorecon', 'allow_postfix_local_write_mail_spool', 'inetd_bind_ports', 'allow_execmod', 'allow_gssd_read_tmp', 'allow_ftpd_use_nfs', 'mislabeled_file', 'ftp_home_dir', 'allow_nfsd_anon_write', 'global_ssp']
2009-07-15 12:00:00,169 [plugin.INFO] importing /usr/share/setroubleshoot/plugins/__init__ as plugins
2009-07-15 12:00:03,983 [avc.DEBUG] Number of Plugins = 83
2009-07-15 12:00:03,994 [communication.DEBUG] parse_socket_address_list: input='{unix}/var/run/setroubleshoot/setroubleshoot_server'
2009-07-15 12:00:03,995 [communication.DEBUG] parse_socket_address_list: {unix}/var/run/setroubleshoot/setroubleshoot_server --> {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
2009-07-15 12:00:03,999 [communication.DEBUG] new_listening_socket: {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
2009-07-15 12:00:04,002 [server.INFO] creating system dbus: bus_name=org.fedoraproject.Setroubleshootd object_path=/org/fedoraproject/Setroubleshootd interface=org.fedoraproject.SetroubleshootdIface
2009-07-15 12:00:04,004 [server.DEBUG] dbus __init__ /org/fedoraproject/Setroubleshootd called
2009-07-15 12:00:14,004 [server.DEBUG] received signal=14
2009-07-15 12:00:14,005 [server.DEBUG] KeyboardInterrupt in RunFaultServer
2009-07-15 12:00:14,006 [database.DEBUG] writing database (/var/lib/setroubleshoot/audit_listener_database.xml) modified_count=0
Comment 5 Daniel Walsh 2009-07-15 13:33:55 UTC 
This means that setroubleshoot is seeing messages about it self.

What does

audit2allow -la

Say
Comment 6 David Woodhouse 2009-07-15 13:54:27 UTC 
#============= setroubleshootd_t ==============
allow setroubleshootd_t home_root_t:lnk_file read;
allow setroubleshootd_t httpd_user_content_t:lnk_file read;
Comment 7 Daniel Walsh 2009-07-15 15:04:09 UTC 
Add those rules using audit2allow -M mysetroubleshoot 
and semodule -i mysetroubleshoot.pp

And the problem will (should) go away.
Comment 8 Daniel Walsh 2009-07-15 15:04:47 UTC 
You set up a link in your /home directory, is this confusig other confined apps?
Comment 9 Daniel Walsh 2009-07-15 15:07:53 UTC 
Miroslav, 

rawhide policy has

files_read_all_symlinks(setroubleshootd_t)

Can you add this to F10 and F11.
Comment 10 David Woodhouse 2009-07-15 15:59:31 UTC 
I've had a symlink from /home/dwmw2/public_html to /var/www/dwmw2 for a _long_ time now; I've never noticed any other fallout from it.
Comment 11 David Woodhouse 2009-07-15 16:01:14 UTC 
(In reply to comment #10)
> I've had a symlink from /home/dwmw2/public_html to /var/www/dwmw2 for a _long_
> time now; I've never noticed any other fallout from it.  

... although it's running in permissive mode and I never look at the logs.
Comment 12 Daniel Walsh 2009-07-15 17:33:49 UTC 
RUn audit2allow -la 

And I bet you will see a lot of programs trying to read the link

The avc is complaining about a link in /home, or your whole homedir is labeled incorectly.


restorecon -R -v /home
Comment 13 Miroslav Grepl 2009-07-21 16:49:19 UTC 
(In reply to comment #9)
> Miroslav, 
> 
> rawhide policy has
> 
> files_read_all_symlinks(setroubleshootd_t)
> 
> Can you add this to F10 and F11.  

Fixed in selinux-policy-3.6.12-69.fc11 and selinux-policy-3.5.13-67.fc10
Note You need to log in before you can comment on or make changes to this bug.