Bug 585575 - sealert dumps core
sealert dumps core
Product: Fedora
Classification: Fedora
Component: setroubleshoot (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2010-04-24 17:00 EDT by Göran Uddeborg
Modified: 2010-04-26 15:51 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-04-26 12:03:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Some information from a look at the crash with gdb. (2.76 KB, application/octet-stream)
2010-04-24 17:00 EDT, Göran Uddeborg
no flags Details
An audit log with just one entry which triggers the problem for me (559 bytes, text/plain)
2010-04-26 10:04 EDT, Göran Uddeborg
no flags Details

  None (edit)
Description Göran Uddeborg 2010-04-24 17:00:16 EDT
Created attachment 408886 [details]
Some information from a look at the crash with gdb.

Description of problem:
I ran "sealert -a /var/log/audit/audit.log" (to check if bug 539286 had been fixed in my environment too) and it started to count percent.  But then it finishes with a core dump.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1.sealert -a /var/log/audit/audit.log
Actual results:
It counts percents up to 100%, and then dumps core.

Additional info:
My system is not completely upgraded to F13 test.  This problem could thus be caused by some incompatibility.  But I BELIEVE I have updated all packages involved here.  In particular, I have


I installed libeselinux-debuginfo, and took a brief look in gdb where this was happening.  I attach a typescript output, hoping it might be of some help.
Comment 1 Carl G. 2010-04-25 22:41:56 EDT
setroubleshoot* components are up to date ?

I tried to reproduce it without any success.

Fedora Bugzappers volunteer triage team
Comment 2 Daniel Walsh 2010-04-26 09:48:31 EDT
Carl email me the audit.log that is causing this.
Comment 3 Göran Uddeborg 2010-04-26 10:04:11 EDT
Created attachment 409179 [details]
An audit log with just one entry which triggers the problem for me
Comment 4 Göran Uddeborg 2010-04-26 10:09:01 EDT
(In reply to comment #1)
> setroubleshoot* components are up to date ?

Ah, I should of course have mentioned that too.  Thanks for pointing that out.


(In reply to comment #2)
> Carl email me the audit.log that is causing this.    

I (not Carl, he's just helping) have seen this happen with different log files.  But not all logs trigger it.  As you can see, I have attached a stripped down audit.log with just one entry.  In case you wonder, it was an AVC I caused intentionally while investigating this, so it doesn't reflect a real problem.
Comment 5 Daniel Walsh 2010-04-26 11:57:32 EDT
That AVC works for me with setroubleshoot-2.2.76-1.fc13.x86_64
Comment 6 Göran Uddeborg 2010-04-26 12:03:25 EDT
Ok, then it has to be something in my mixed setup after all.  Sorry for wasting your time. I'll continue on my own instead.
Comment 7 Daniel Walsh 2010-04-26 12:07:40 EDT
Maybe.  See if you or Carl can get this to happen on another machine.
Comment 8 Carl G. 2010-04-26 12:24:10 EDT
I'm going to try it w. the attached AVC later.
Comment 9 Carl G. 2010-04-26 15:51:40 EDT
Works for me.

Note You need to log in before you can comment on or make changes to this bug.