Description of problem: The SELinux Troubleshooter fails to start when selected from the Applications/System Tools menu. Version-Release number of selected component (if applicable): $ rpm -q setroubleshoot setroubleshoot-server setroubleshoot-2.2.96-1.fc13.x86_64 setroubleshoot-server-2.2.96-1.fc13.x86_64 How reproducible: Every time that SELinux Troubleshooter is selected from the System Tools menu, or when "/usr/bin/sealert -bv" is run from the shell prompt. Steps to Reproduce: 1. Either select "SELinux Troubleshooter" from the Applications/System Tools menu or enter "/usr/bin/sealert -bv" at the shell prompt. Actual results: setroubleshoot: abrt: detected unhandled Python exception in /usr/sbin/setroubleshootd setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 1 setroubleshoot: [dbus.proxies.ERROR] Introspect error on :1.136:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.136 was not provided by any .service files Expected results: Expected the SELinux Troubleshooter application to start.
Is your session bus running? Are you running this as a user or as root?
(In reply to comment #1) > Is your session bus running? Are you running this as a user or as root? I am running as an ordinary user, using the GNOME desktop. Here is the output from the 'service messagebus status' and 'sealert -bv' commands from a few minutes ago. Please let me know if there is more information that I can provide you. $ sudo service messagebus status dbus-daemon (pid 2696 1627 1064) is running... $ sudo sealert -bv 2010-09-13 13:06:54,643 [dbus.proxies.ERROR] Introspect error on :1.3:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-09-13 13:06:54,647 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.3 was not provided by any .service files $ sealert -bv 2010-09-13 13:07:01,968 [dbus.proxies.ERROR] Introspect error on :1.107:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-09-13 13:07:01,972 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.107 was not provided by any .service files
If you run sealert -s does this work?
(In reply to comment #3) > If you run > sealert -s > does this work? $ sealert -s Service Exception AttributeError: "'SETroubleshootdDBus' object has no attribute 'iface'" in <bound method SETroubleshootdDBus.__del__ of <SETroubleshootdDBus object at 0x1f7e640 (__main__+SETroubleshootdDBus at 0x1f51d00)>> ignored $ sudo sealert -s Service Exception AttributeError: "'SETroubleshootdDBus' object has no attribute 'iface'" in <bound method SETroubleshootdDBus.__del__ of <SETroubleshootdDBus object at 0x17f3500 (__main__+SETroubleshootdDBus at 0x17c5b00)>> ignored
You you see if something is screwed up in the install. yum reinstall setroubleshoot-server setroubleshoot
(In reply to comment #5) > You you see if something is screwed up in the install. > > yum reinstall setroubleshoot-server setroubleshoot $ rpm -V setroubleshoot-server setroubleshoot || echo $? missing /etc/audisp/plugins.d/sedispatch.conf (Permission denied) 1 $ sudo rpm -V setroubleshoot-server setroubleshoot && echo $? 0 $ sudo yum reinstall setroubleshoot-server setroubleshoot ... (partial log of output -- let me know if you want the full log) Installed: setroubleshoot.x86_64 0:2.2.96-1.fc13 setroubleshoot-server.x86_64 0:2.2.96-1.fc13 Complete! $ rpm -V setroubleshoot-server setroubleshoot missing /etc/audisp/plugins.d/sedispatch.conf (Permission denied) $ sealert -s Service Exception AttributeError: "'SETroubleshootdDBus' object has no attribute 'iface'" in <bound method SETroubleshootdDBus.__del__ of <SETroubleshootdDBus object at 0x2f04640 (__main__+SETroubleshootdDBus at 0x2ed7900)>> ignored $ sealert -bv 2010-09-13 15:14:50,283 [dbus.proxies.ERROR] Introspect error on :1.103:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-09-13 15:14:50,320 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.103 was not provided by any .service files
Are you seeing anything in /var/log/messages or /var/log/setroubleshoot/setroubleshoot.log?
(In reply to comment #7) > Are you seeing anything in /var/log/messages or > /var/log/setroubleshoot/setroubleshoot.log? Second one first: All of the recent setroubleshootd.log files are empty (I assume that you meant setroubleshootd.log and not setroubleshoot.log -- there are not setroubleshoot.log files). # ls -l /var/log/setroubleshoot/* -rw-r--r--. 1 root root 0 Sep 13 15:15 /var/log/setroubleshoot/setroubleshootd.log -rw-r--r--. 1 root root 0 Sep 5 16:31 /var/log/setroubleshoot/setroubleshootd.log-20100905 -rw-r--r--. 1 root root 0 Sep 12 01:48 /var/log/setroubleshoot/setroubleshootd.log-20100912 The error messages in /var/log/messages appear to be related to the 'sealert' commands. Here are a few lines. I will continue looking to see if I can find anything that is possibly relevant. # tail /var/log/messages: ]# tail -4 messages Sep 13 15:15:34 localhost setroubleshoot: [dbus.proxies.ERROR] Introspect error on :1.1:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) Sep 13 15:15:34 localhost setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.1 was not provided by any .service files Sep 13 15:15:42 localhost setroubleshoot: abrt: detected unhandled Python exception in /usr/sbin/setroubleshootd Sep 13 15:15:42 localhost setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 1 Also, in case it is of some use: # tail /var/log/dmesg: EXT4-fs (sda1): mounted filesystem with ordered data mode SELinux: initialized (dev sda1, type ext4), uses xattr EXT4-fs (dm-2): mounted filesystem with ordered data mode SELinux: initialized (dev dm-2, type ext4), uses xattr EXT4-fs (dm-1): mounted filesystem with ordered data mode SELinux: initialized (dev dm-1, type ext4), uses xattr Adding 2097148k swap on /dev/mapper/VolGroup00-LogVol01. Priority:-1 extents:1 across:2097148k SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
Also, I followed these instructions recently (yesterday) to convert my partitions' file system type from the EXT3 to the EXT4: http://fedoraproject.org/wiki/Ext4_in_Fedora_11#How_do_I_migrate_from_Ext3_to_Ext4.3F There is no mention on that wiki page of any ramifications for SELinux. Am I correct in assuming that SELinux is transparent with respect to file system type, or are there some steps that need to be taken after converting to EXT4?
Yes it should not be a problem. Are you seeing AVC message ausearch -m avc -ts recent Also does abrt have any information like a python traceback?
(In reply to comment #10) > Yes it should not be a problem. > > Are you seeing AVC message > > ausearch -m avc -ts recent # ausearch -m avc -ts recent || echo $? <no matches> 1 > > Also does abrt have any information like a python traceback? No tracebacks, just the 'abrt' messages in /var/log/messages: Sep 13 14:46:42 localhost abrtd: Checking for unsaved crashes (dirs to check:2) Sep 13 14:46:42 localhost abrtd: Can't create lock file '/var/spool/abrt/ccpp-1283757421-4257.lock': Permission denied Sep 13 14:50:00 localhost setroubleshoot: abrt: detected unhandled Python exception in /usr/sbin/setroubleshootd # /bin/ls -ld /var drwxr-xr-x. 24 root root 4096 Sep 11 21:59 /var # /bin/ls -ld /var/spool drwxr-xr-x. 15 root root 4096 Oct 1 2009 /var/spool # /bin/ls -ld /var/spool/abrt drwxr-xr-x. 4 abrt abrt 4096 Aug 16 09:22 /var/spool/abrt
(In reply to comment #10) > Yes it should not be a problem. > > Are you seeing AVC message > Also, there is this from /var/log/messages: # grep -i avc /var/log/messages Sep 12 21:40:01 localhost dbus: avc: received policyload notice (seqno=2) Sep 13 00:25:31 localhost dbus: avc: received setenforce notice (enforcing=0) Sep 13 00:25:31 localhost dbus: avc: received setenforce notice (enforcing=0) Sep 13 00:25:31 localhost dbus: avc: received setenforce notice (enforcing=0) Sep 13 00:25:49 localhost dbus: avc: received setenforce notice (enforcing=1) Sep 13 00:25:49 localhost dbus: avc: received setenforce notice (enforcing=1) Sep 13 00:25:49 localhost dbus: avc: received setenforce notice (enforcing=1) I had attempted to resolve problems by switching from 'enforcing' to 'permissive'.
If you become root and execute setroubleshoot -f Does it throw an exception?
(In reply to comment #13) > If you become root and execute > setroubleshoot -f > > Does it throw an exception? $ su - Password: # setroubleshoot -f -bash: setroubleshoot: command not found # whereis setroubleshoot setroubleshoot: /etc/setroubleshoot /usr/share/setroubleshoot # echo $PATH /usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
(In reply to comment #13) > If you become root and execute > setroubleshoot -f > > Does it throw an exception? Did you mean 'setroubleshootd'? # setroubleshootd -f Traceback (most recent call last): File "/usr/sbin/setroubleshootd", line 43, in <module> name, val = i.split("=") ValueError: need more than 1 value to unpack
What does your /etc/sysconfig/i18n look like?
Fixed in setroubleshoot-2.2.98-1
If you fix your /etc/sysconfig/i18n it should work. I have changed the code to not crash if this file is not setup correctly.
setroubleshoot-2.2.98-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/setroubleshoot-2.2.98-1.fc13
(In reply to comment #16) > What does your /etc/sysconfig/i18n look like? It has two non-comment lines (and several comment lines, that is, starting with the "#" character). The non-comment lines are: $ grep -Ev '^#' /etc/sysconfig/i18n LANG="en_US.UTF-8" SYSFONT="ter-u16b"
(In reply to comment #18) > If you fix your /etc/sysconfig/i18n it should work. I have changed the code to > not crash if this file is not setup correctly. Can you tell me what might be incorrect about my i18n file? I would like to fix it so that it works with the current version of 'setroubleshoot'.
What do your comment lines look like? There is a bug in setroubleshoot that is misreading your file. I think there is a line like LANG = With nothing after the = ?
Basically if there is a line without a = it will blow up
setroubleshoot-2.2.98-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update setroubleshoot'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/setroubleshoot-2.2.98-1.fc13
(In reply to comment #23) > Basically if there is a line without a = it will blow up I removed all lines from /etc/sysconfig/i18n except the two I listed in Comment #20. I am now able to start /usr/sbin/setroubleshootd with the '-f' option without any errors or traceback. I am also able to start the SELinux Troubleshooter application from the Applications/System Tools menu without any errors. Will the next release of 'setroubleshoot' allow me to restore the comment lines to /etc/sysconfig/i18n? Will there be an update to 'setroubleshoot-server', too?
Yes, Download https://admin.fedoraproject.org/updates/setroubleshoot-2.2.98-1.fc13 And try it out. If it fixes your problem update the karma. Or you can just install it by executing yum -y update --enablerepo=updates-testing setroubleshoot\*
(In reply to comment #26) > Yes, > > Download https://admin.fedoraproject.org/updates/setroubleshoot-2.2.98-1.fc13 > > And try it out. If it fixes your problem update the karma. > > Or you can just install it by executing > > yum -y update --enablerepo=updates-testing setroubleshoot\* Confirmed. After installing the setroubleshoot* packages from the 'updates-testing' repository and restoring my comments in the configuration file /etc/sysconfig/i18n, I am able to start the SELinux Troubleshooter, both from the Applications/System Tools menu and from the shell prompt ('sealert').
setroubleshoot-2.2.99-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/setroubleshoot-2.2.99-1.fc13
setroubleshoot-2.2.99-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.