Bug 585575 - sealert dumps core
Summary: sealert dumps core
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-24 21:00 UTC by Göran Uddeborg
Modified: 2010-04-26 19:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-26 16:03:25 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Some information from a look at the crash with gdb. (2.76 KB, application/octet-stream)
2010-04-24 21:00 UTC, Göran Uddeborg 		no flags Details
An audit log with just one entry which triggers the problem for me (559 bytes, text/plain)
2010-04-26 14:04 UTC, Göran Uddeborg 		no flags Details
View All

Description Göran Uddeborg 2010-04-24 21:00:16 UTC 
Created attachment 408886 [details]
Some information from a look at the crash with gdb.

Description of problem:
I ran "sealert -a /var/log/audit/audit.log" (to check if bug 539286 had been fixed in my environment too) and it started to count percent.  But then it finishes with a core dump.

Version-Release number of selected component (if applicable):
setroubleshoot-server-2.2.76-1.fc13.x86_64

How reproducible:
Every time

Steps to Reproduce:
1.sealert -a /var/log/audit/audit.log
  
Actual results:
It counts percents up to 100%, and then dumps core.

Additional info:
My system is not completely upgraded to F13 test.  This problem could thus be caused by some incompatibility.  But I BELIEVE I have updated all packages involved here.  In particular, I have

glib2-2.24.0-1.fc13.x86_64
libselinux-python-2.0.90-5.fc13.x86_64
pygobject2-2.21.1-3.fc13.x86_64
python-2.6.4-25.fc13.x86_64
python-libs-2.6.4-25.fc13.x86_64

I installed libeselinux-debuginfo, and took a brief look in gdb where this was happening.  I attach a typescript output, hoping it might be of some help.
Comment 1 Carl G. 2010-04-26 02:41:56 UTC 
setroubleshoot* components are up to date ?

I tried to reproduce it without any success.
---

Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 2 Daniel Walsh 2010-04-26 13:48:31 UTC 
Carl email me the audit.log that is causing this.
Comment 3 Göran Uddeborg 2010-04-26 14:04:11 UTC 
Created attachment 409179 [details]
An audit log with just one entry which triggers the problem for me
Comment 4 Göran Uddeborg 2010-04-26 14:09:01 UTC 
(In reply to comment #1)
> setroubleshoot* components are up to date ?

Ah, I should of course have mentioned that too.  Thanks for pointing that out.

setroubleshoot-2.2.76-1.fc13.x86_64
setroubleshoot-plugins-2.1.37-1.fc12.noarch
setroubleshoot-server-2.2.76-1.fc13.x86_64

(In reply to comment #2)
> Carl email me the audit.log that is causing this.    

I (not Carl, he's just helping) have seen this happen with different log files.  But not all logs trigger it.  As you can see, I have attached a stripped down audit.log with just one entry.  In case you wonder, it was an AVC I caused intentionally while investigating this, so it doesn't reflect a real problem.
Comment 5 Daniel Walsh 2010-04-26 15:57:32 UTC 
That AVC works for me with setroubleshoot-2.2.76-1.fc13.x86_64
Comment 6 Göran Uddeborg 2010-04-26 16:03:25 UTC 
Ok, then it has to be something in my mixed setup after all.  Sorry for wasting your time. I'll continue on my own instead.
Comment 7 Daniel Walsh 2010-04-26 16:07:40 UTC 
Maybe.  See if you or Carl can get this to happen on another machine.
Comment 8 Carl G. 2010-04-26 16:24:10 UTC 
I'm going to try it w. the attached AVC later.
Comment 9 Carl G. 2010-04-26 19:51:40 UTC 
Works for me.
Note You need to log in before you can comment on or make changes to this bug.