Bug 585575 - sealert dumps core
Summary: sealert dumps core
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 13
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2010-04-24 21:00 UTC by Göran Uddeborg
Modified: 2010-04-26 19:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-04-26 16:03:25 UTC
Type: ---

Attachments (Terms of Use)
Some information from a look at the crash with gdb. (2.76 KB, application/octet-stream)
2010-04-24 21:00 UTC, Göran Uddeborg
no flags Details
An audit log with just one entry which triggers the problem for me (559 bytes, text/plain)
2010-04-26 14:04 UTC, Göran Uddeborg
no flags Details

Description Göran Uddeborg 2010-04-24 21:00:16 UTC
Created attachment 408886 [details]
Some information from a look at the crash with gdb.

Description of problem:
I ran "sealert -a /var/log/audit/audit.log" (to check if bug 539286 had been fixed in my environment too) and it started to count percent.  But then it finishes with a core dump.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1.sealert -a /var/log/audit/audit.log
Actual results:
It counts percents up to 100%, and then dumps core.

Additional info:
My system is not completely upgraded to F13 test.  This problem could thus be caused by some incompatibility.  But I BELIEVE I have updated all packages involved here.  In particular, I have


I installed libeselinux-debuginfo, and took a brief look in gdb where this was happening.  I attach a typescript output, hoping it might be of some help.

Comment 1 Carl G. 2010-04-26 02:41:56 UTC
setroubleshoot* components are up to date ?

I tried to reproduce it without any success.

Fedora Bugzappers volunteer triage team

Comment 2 Daniel Walsh 2010-04-26 13:48:31 UTC
Carl email me the audit.log that is causing this.

Comment 3 Göran Uddeborg 2010-04-26 14:04:11 UTC
Created attachment 409179 [details]
An audit log with just one entry which triggers the problem for me

Comment 4 Göran Uddeborg 2010-04-26 14:09:01 UTC
(In reply to comment #1)
> setroubleshoot* components are up to date ?

Ah, I should of course have mentioned that too.  Thanks for pointing that out.


(In reply to comment #2)
> Carl email me the audit.log that is causing this.    

I (not Carl, he's just helping) have seen this happen with different log files.  But not all logs trigger it.  As you can see, I have attached a stripped down audit.log with just one entry.  In case you wonder, it was an AVC I caused intentionally while investigating this, so it doesn't reflect a real problem.

Comment 5 Daniel Walsh 2010-04-26 15:57:32 UTC
That AVC works for me with setroubleshoot-2.2.76-1.fc13.x86_64

Comment 6 Göran Uddeborg 2010-04-26 16:03:25 UTC
Ok, then it has to be something in my mixed setup after all.  Sorry for wasting your time. I'll continue on my own instead.

Comment 7 Daniel Walsh 2010-04-26 16:07:40 UTC
Maybe.  See if you or Carl can get this to happen on another machine.

Comment 8 Carl G. 2010-04-26 16:24:10 UTC
I'm going to try it w. the attached AVC later.

Comment 9 Carl G. 2010-04-26 19:51:40 UTC
Works for me.

Note You need to log in before you can comment on or make changes to this bug.