Bug 640472 - setroubleshoot doesn't handle hex register values correctly
Summary: setroubleshoot doesn't handle hex register values correctly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-05 22:24 UTC by David Howells
Modified: 2010-10-19 07:07 UTC (History)
2 users (show)

Fixed In Version: setroubleshoot-2.2.102-1.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-10-19 07:07:02 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description David Howells 2010-10-05 22:24:20 UTC 
I'm seeing the following error in my /var/log/messages:

Oct  5 23:10:50 galaxy setroubleshoot: [avc.ERROR] Plugin Exception selinuxpolicy #012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 148, in analyze_avc#012    report = plugin.analyze(avc)#012  File "/usr/share/setroubleshoot/plugins/selinuxpolicy.py", line 47, in analyze#012    if (avc.has_any_access_in(['write']) or avc.open_with_write())       and \#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/audit_data.py", line 631, in open_with_write#012    if self.a1 and (int(self.a1) & O_ACCMODE) != os.O_RDONLY:#012ValueError: invalid literal for int() with base 10: '1fa6ac0'
Oct  5 23:10:50 galaxy setroubleshoot: [avc.ERROR] Plugin Exception kernel_modules #012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 148, in analyze_avc#012    report = plugin.analyze(avc)#012  File "/usr/share/setroubleshoot/plugins/kernel_modules.py", line 47, in analyze#012    if (avc.has_any_access_in(['write']) or avc.open_with_write())        and \#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/audit_data.py", line 631, in open_with_write#012    if self.a1 and (int(self.a1) & O_ACCMODE) != os.O_RDONLY:#012ValueError: invalid literal for int() with base 10: '1fa6ac0'

The problem appears to be the following line of audit log.  Note the contents of a0-a2:

type=SYSCALL msg=audit(1286316644.383:312): arch=c000003e syscall=59 success=no exit=-13 a0=1fa6a60 a1=1fa6ac0 a2=1fa6c50 a3=10 items=0 ppid=6158 pid=6159 auid=4043 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="service" exe="/bin/bash" subj=unconfined_u:system_r:openvpn_t:s0 key=(null)
type=AVC msg=audit(1286316644.383:313): avc:  denied  { open } for  pid=6159 comm="service" name="consoletype" dev=md1 ino=3801142 scontext=unconfined_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file

The versions of various stuff that might be relevant:

setroubleshoot-2.2.96-1.fc13.x86_64
setroubleshoot-plugins-2.1.61-1.fc13.noarch
audit-2.0.4-3.fc13.x86_64
kernel-2.6.34.7-56.fc13.x86_64
selinux-policy-3.7.19-62.fc13.noarch
policycoreutils-2.0.83-28.fc13.x86_64
python-2.6.4-27.fc13.x86_64
Comment 1 Daniel Walsh 2010-10-06 12:38:20 UTC 
Fixed in setroubleshoot-2.2.102-1.fc13
Comment 2 Fedora Update System 2010-10-06 13:00:45 UTC 
setroubleshoot-2.2.102-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/setroubleshoot-2.2.102-1.fc13
Comment 3 Fedora Update System 2010-10-08 20:56:49 UTC 
setroubleshoot-2.2.102-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update setroubleshoot'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/setroubleshoot-2.2.102-1.fc13
Comment 4 Fedora Update System 2010-10-19 07:06:58 UTC 
setroubleshoot-2.2.102-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.