Created attachment 405685
Screenshot of the incident

Description of problem:
After submitting auto-generated report from bug buddy to redhat bugzilla, following alert appears:

# START OF ALERT
Your bug could not be filed due to bad information in the bug fields. This is most likely an error in the bug filing program:

required field missing or empty: 'summary'
# END OF ALERT

------------------------------------------------------------------------------

This is a full error output which is being submitted:

# START OF ERROR OUTPUT

Summary:

Detailed Description:

SELinux denied access requested by shutdown. It is not expected that this access is required by shutdown and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:system_r:init_t:s0
Target Objects                [ unix_stream_socket ]
Source                        shutdown
Source Path                   /sbin/shutdown
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           upstart-0.6.5-3.fc13
Target RPM Packages           filesystem-2.4.31-1.fc13
Policy RPM                    selinux-policy-3.7.15-4.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux smatbook.setuid.cc 2.6.33.1-19.fc13.i686.PAE #1 SMP Sat Mar 20 02:15:28 UTC 2010 i686 i686
Alert Count                   3
First Seen                    Fri 09 Apr 2010 02:19:43 AM CEST
Last Seen                     Fri 09 Apr 2010 02:21:19 AM CEST
Local ID                      31e07287-45c5-4451-a1cc-a6a0f05ec35f
Line Numbers

Raw Audit Messages

node=smatbook.setuid.cc type=AVC msg=audit(1270772479.634:71): avc: denied { connectto } for pid=7245 comm="shutdown" path=002F636F6D2F7562756E74752F75707374617274 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket

node=smatbook.setuid.cc type=SYSCALL msg=audit(1270772479.634:71): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf922b20 a2=851ff4 a3=bf922ccc items=0 ppid=7243 pid=7245 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="shutdown" exe="/sbin/shutdown" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

# END OF ERROR OUTPUT

------------------------------------------------------------------------------

This is review of bug report before alert

# START OF REVIEW OF BUG REPORT

Summary:

Detailed Description:

SELinux denied access requested by shutdown. It is not expected that this access is required by shutdown and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:system_r:init_t:s0
Target Objects                [ unix_stream_socket ]
Source                        shutdown
Source Path                   /sbin/shutdown
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           upstart-0.6.5-3.fc13
Target RPM Packages           filesystem-2.4.31-1.fc13
Policy RPM                    selinux-policy-3.7.15-4.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux smatbook.setuid.cc 2.6.33.1-19.fc13.i686.PAE #1 SMP Sat Mar 20 02:15:28 UTC 2010 i686 i686
Alert Count                   3
First Seen                    Fri 09 Apr 2010 02:19:43 AM CEST
Last Seen                     Fri 09 Apr 2010 02:21:19 AM CEST
Local ID                      31e07287-45c5-4451-a1cc-a6a0f05ec35f
Line Numbers

Raw Audit Messages

node=smatbook.setuid.cc type=AVC msg=audit(1270772479.634:71): avc: denied { connectto } for pid=7245 comm="shutdown" path=002F636F6D2F7562756E74752F75707374617274 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket

node=smatbook.setuid.cc type=SYSCALL msg=audit(1270772479.634:71): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf922b20 a2=851ff4 a3=bf922ccc items=0 ppid=7243 pid=7245 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="shutdown" exe="/sbin/shutdown" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

# END OF REVIEW OF BUG REPORT

------------------------------------------------------------------------------

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Multiple SELinux policy alerts appeared. (First of them was submitted successfully. Problematic alert was already mentioned in detail.)
2. Select to report "problematic alert" to bugzilla.redhat.com
3. Review report and click submit

Actual results:
Your bug could not be filed due to bad information in the bug fields. This is most likely an error in the bug filing program:

required field missing or empty: 'summary'

Expected results:
Submitted bug

Additional info:
[setuid@smatbook ~]$ rpm -qa | grep bug
python-bugzilla-0.5.1-3.fc12.noarch
report-config-bugzilla-redhat-com-0.10-5.fc13.i686
report-plugin-bugzilla-0.10-5.fc13.i686
abrt-plugin-bugzilla-1.0.9-1.fc13.i686
I got this too.

Lubos: You said bug buddy, but I assume that you meant sealert (confusingly also known as "SELinux Troubleshooter" and "SELinux Security Alerts"), so I will reassign there.

setroubleshoot-2.2.69-1.fc13.i686
setroubleshoot-server-2.2.69-1.fc13.i686
report-0.10-5.fc13.i686
report-config-bugzilla-redhat-com-0.10-5.fc13.i686
report-gtk-0.10-5.fc13.i686
report-plugin-bugzilla-0.10-5.fc13.i686
selinux-policy-3.7.15-4.fc13.noarch
selinux-policy-targeted-3.7.15-4.fc13.noarch

The text of the report which did not have a description:

Summary:

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by plymouth. It is not expected that this access is required by plymouth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                [ unix_stream_socket ]
Source                        plymouth
Source Path                   /bin/plymouth
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           plymouth-0.8.1-3.fc13
Target RPM Packages           filesystem-2.4.31-1.fc13
Policy RPM                    selinux-policy-3.7.15-4.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux local 2.6.33.2-46.fc13.i686.PAE #1 SMP Wed Apr 14 13:42:15 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 14 Apr 2010 10:34:13 PM CEST
Last Seen                     Wed 14 Apr 2010 10:34:13 PM CEST
Local ID                      c1392d5b-7550-4a09-a857-ffa583f92f0c
Line Numbers

Raw Audit Messages

node=local type=AVC msg=audit(1271277253.437:6): avc: denied { connectto } for pid=1818 comm="plymouth" path=002F706C792D626F6F742D70726F746F636F6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket

node=local type=SYSCALL msg=audit(1271277253.437:6): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe8f520 a2=48d73c a3=6 items=0 ppid=1816 pid=1818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="plymouth" exe="/bin/plymouth" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
/var/log/messages contained Apr 14 22:42:57 local : report: Unable To File Bug:Your bug could not be filed due to bad information in the bug fields. This is most likely an error in the bug filing program:#012#012required field missing or empty: 'summary' - but report probably just forwards the unexpected input.
I think this might be a bug in report. Since I have not touched this code. It seems to work for me on F13, but I am having a hard time getting to the latest updates. rpm -q report
An FYI observation: Did you notice that the report text (which I assume is generated by setroubleshoot before report gets involved) doesn't have a summary? I assumed that that indicated that the problem was in the SE-specific code and proved report not guilty.
Maybe you are right. There should be an sealert command in the /var/log/messages, that shows the avc, could you execute that and see if there is a summary?

I am not able to generate this problem on my F13 box.

rpm -q setroubleshoot
setroubleshoot-2.2.72-1.fc13.x86_64

Which is available from Koji.

Are you using a Non English version?
Hello sorry for late response

bash-4.1$ sudo rpm -q settroubleshoot
package settroubleshoot is not installed

Have you seen that attached screenshot? I'm not sure if we're speaking about the same utility. Anyway this case appeared only in this specific report.
sudo rpm -q setroubleshoot

One t
Reproduced with setroubleshoot-2.2.72-1.fc13.i686

This seems to happen on shutdown, consistently 5 seconds after abrt got signal 15:

Apr 15 01:41:25 local setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012 File "/usr/lib/python2.6/site-packages/setroubleshoot/analyze.py", line 156, in analyze _avc#012 report_receiver.report_problem(report)#012 File "/usr/lib/python2.6/site-packages/setroubleshoot/server.py", line 205, in report_problem#012 syslog.syslog(syslog.LOG_ERR, summary + _(" For co mplete SELinux messages. run sealert -l %s" % siginfo.local_id ))#012TypeError: [priority,] message string
Apr 15 01:41:25 local setroubleshoot: SELinux is preventing /sbin/plymouthd "open" access on tty63. For complete SELinux messages. run sealert -l 70af7e07-9c39-43a9-87da-f34398e976da

However,

# sealert -l 5bb991aa-61c4-42d7-935d-58765d8f8b6b
query_alerts error (1003): id (5bb991aa-61c4-42d7-935d-58765d8f8b6b) not found

[How come the stacktrace wasn't caught by abrt? Does setroubleshoot have its own crash handler? Wouldn't it be better to leave that to abrt now?]
I don't know. Ca
The avc will be Fixed in selinux-policy-3.7.19-2.fc13.noarch
If anyone can reproduce this, please, instead of reporting it to bugzilla, do a "localsave". Give it the full pathname of a directory to save the file in, and then attach the created file to this bz.

The bugzilla plugin for the report library is not looking for or dealing with an all blank or zero length summary. I will fix this in the next version of report. If I can get the above 'localsave' file, I can verify that this is the cause of this problem.
I can confirm that selinux-policy-3.7.19-2.fc13.noarch fixes the avc, but now I can no longer reproduce the problem, even though I downgraded everything I can imagine is relevant.

Lubos, can you reproduce?

I notice that my upgraded system still had libsemanage 2.0.45 from f12, because f13 only had 2.0.43. I don't know if that can have any influence.

IMHO it would be fine if report could handle blank summaries, but it would be far better if we found the reason why such reports are created in the first place and got that fixed.

(And by the way: Not using any kind of localization here.)
I have the problem and am working on a fix.

The problem is caused by /ply-boot-protocol path, which is an abstract socket. When python decodes the hex, it adds NULLS before and after the string, which is causing the setroubleshoot to blow up in certain sections, and ends up writing "" to the database.

I have replaced the NULLS with @ and it ends up with a string like

Summary:

SELinux is preventing /bin/plymouth "connectto" access on @/ply-boot-protocol.

Detailed Description:

[plymouth has a permissive type (xdm_t). This access was not denied.]

SELinux denied access requested by plymouth. It is not expected that this access is required by plymouth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                @/ply-boot-protocol [ unix_stream_socket ]
Source                        plymouth
Source Path                   /bin/plymouth
Port                          <Unknown>
Host                          local
Source RPM Packages           plymouth-0.8.1-3.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-1.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.33.1-24.fc13.x86_64 #1 SMP Tue Mar 30 18:21:22 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 14 Apr 2010 04:34:13 PM EDT
Last Seen                     Wed 14 Apr 2010 04:34:13 PM EDT
Local ID                      b405a1e5-8540-4145-ad23-2a684055d904
Line Numbers

Raw Audit Messages

node=local type=AVC msg=audit(1271277253.437:6): avc: denied { connectto } for pid=1818 comm="plymouth" path=002F706C792D626F6F742D70726F746F636F6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket

node=local type=SYSCALL msg=audit(1271277253.437:6): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe8f520 a2=48d73c a3=6 items=0 ppid=1816 pid=1818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="plymouth" exe="/bin/plymouth" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
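
The decoding problem described in the comment above, shown as an added example that is not part of the thread and is not setroubleshoot's code: the hex-encoded path= value of an abstract socket is decoded so that no NUL byte ends up in the summary. The helper names decode_audit_path and summarize are hypothetical, and the sample is this bug's AVC/SYSCALL pair with the zero padding shortened.

```python
import re

# Constructed sample: the AVC/SYSCALL pair quoted in this bug, with the path's
# zero padding shortened and the SYSCALL record trimmed to the fields used here.
SAMPLE = (
    'node=local type=AVC msg=audit(1271277253.437:6): avc: denied { connectto } '
    'for pid=1818 comm="plymouth" '
    'path=002F706C792D626F6F742D70726F746F636F6C00000000 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket\n'
    'node=local type=SYSCALL msg=audit(1271277253.437:6): syscall=102 '
    'success=yes exit=0 pid=1818 comm="plymouth" exe="/bin/plymouth"\n'
)


def decode_audit_path(value):
    """Return a printable name for an audit path= value (hypothetical helper)."""
    if value.startswith('"'):
        return value.strip('"')            # quoted values are literal text
    try:
        raw = bytes.fromhex(value)         # bare values are hex-encoded bytes
    except ValueError:
        return value                       # e.g. (null): pass through unchanged
    abstract = raw.startswith(b"\x00")     # abstract socket names begin with NUL
    name = raw.strip(b"\x00").decode("utf-8", "replace")
    name = name.replace("\x00", "@")       # no NUL may reach syslog or the database
    return "@" + name if abstract else name


def summarize(records):
    """Build the one-line summary for an AVC/SYSCALL pair; never a blank one."""
    avc = re.search(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?\bpath=(\S+)', records)
    if not avc:
        raise ValueError("no AVC denial with a path= field")
    target = decode_audit_path(avc.group(2))
    if target in ("", "@"):
        raise ValueError("path decoded to an empty name")
    exe = re.search(r'\bexe="([^"]+)"', records)
    source = exe.group(1) if exe else "<Unknown>"
    return 'SELinux is preventing %s "%s" access on %s.' % (
        source, avc.group(1), target)


if __name__ == "__main__":
    print(summarize(SAMPLE))
```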
Fixed in setroubleshoot-2.2.73-1.fc13 BTW You can test this by taking the output from Delete the AVC #ausearch -m avc | /usr/sbin/sedispatch
sedispatch gave/caused the following with setroubleshoot-2.2.72-1.fc13.i686 - is that fixed in setroubleshoot-2.2.73-1.fc13.i686 too?

Got Reply: Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/dbus/service.py", line 702, in _message_cb
    retval = candidate_method(self, *args, **keywords)
  File "/usr/lib/python2.6/site-packages/setroubleshoot/server.py", line 501, in avc
    self.add(AVC(audit_event))
  File "/usr/lib/python2.6/site-packages/setroubleshoot/audit_data.py", line 586, in __init__
    self.derive_avc_info_from_audit_event()
  File "/usr/lib/python2.6/site-packages/setroubleshoot/audit_data.py", line 884, in derive_avc_info_from_audit_event
    raise ValueError("Invalid AVC %s, it is allowed in current policy" % avc)
NameError: global name 'avc' is not defined
setroubleshoot-2.2.73-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/setroubleshoot-2.2.73-1.fc13
nope
I confirm that setroubleshoot-2.2.73-1.fc13.i686 works and allowed me to file Bug 583125 - SELinux is preventing /sbin/shutdown "connectto" access on @/com/ubuntu/upstart. Stacktrace reported in Bug 583133 - NameError: global name 'avc' is not defined
Hello bug is no longer reproducible by me. But I see that you already have stack from it. Lubos
setroubleshoot-2.2.74-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update setroubleshoot'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/setroubleshoot-2.2.74-1.fc13
setroubleshoot-2.2.74-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.