Red Hat Bugzilla – Bug 585575
sealert dumps core
Last modified: 2010-04-26 15:51:40 EDT
Created attachment 408886 [details]
Some information from a look at the crash with gdb.
Description of problem:
I ran "sealert -a /var/log/audit/audit.log" (to check if bug 539286 had been fixed in my environment too) and it started to count percent. But then it finishes with a core dump.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.sealert -a /var/log/audit/audit.log
It counts percents up to 100%, and then dumps core.
My system is not completely upgraded to F13 test. This problem could thus be caused by some incompatibility. But I BELIEVE I have updated all packages involved here. In particular, I have
I installed libeselinux-debuginfo, and took a brief look in gdb where this was happening. I attach a typescript output, hoping it might be of some help.
setroubleshoot* components are up to date ?
I tried to reproduce it without any success.
Fedora Bugzappers volunteer triage team
Carl email me the audit.log that is causing this.
Created attachment 409179 [details]
An audit log with just one entry which triggers the problem for me
(In reply to comment #1)
> setroubleshoot* components are up to date ?
Ah, I should of course have mentioned that too. Thanks for pointing that out.
(In reply to comment #2)
> Carl email me the audit.log that is causing this.
I (not Carl, he's just helping) have seen this happen with different log files. But not all logs trigger it. As you can see, I have attached a stripped down audit.log with just one entry. In case you wonder, it was an AVC I caused intentionally while investigating this, so it doesn't reflect a real problem.
That AVC works for me with setroubleshoot-2.2.76-1.fc13.x86_64
Ok, then it has to be something in my mixed setup after all. Sorry for wasting your time. I'll continue on my own instead.
Maybe. See if you or Carl can get this to happen on another machine.
I'm going to try it w. the attached AVC later.
Works for me.