Bug 696840 - corrupt tpath value in setroubleshoot_database.xml
Summary: corrupt tpath value in setroubleshoot_database.xml
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 14
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-15 01:04 UTC by David Hull
Modified: 2011-05-25 15:01 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-25 15:01:41 UTC
Type: ---

Attachments (Terms of Use)
setroubleshoot_database.xml (truncated) (130.09 KB, application/xml)
2011-04-18 19:43 UTC, David Hull 		no flags Details
audit.log (truncated) (1.78 KB, text/plain)
2011-04-18 19:48 UTC, David Hull 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Hull 2011-04-15 01:04:06 UTC 
Description of problem:

My system's /var/lib/setroubleshoot/setroubleshoot_database.xml file is getting bad tpath values, which is preventing sealert from working.


Version-Release number of selected component (if applicable):

setroubleshoot-3.0.30-1.fc14.x86_64
setroubleshoot-server-3.0.30-1.fc14.x86_64
setroubleshoot-plugins-3.0.13-1.fc14.noarch


How reproducible:


Steps to Reproduce:
1. 
2.
3.
  
Actual results:

(The following excerpts are pasted from lessing the file.  The "^V" is control-v, etc.)

      <tpath>^V)</tpath>
      <tpath>^R^C</tpath>

[root@dale rpmbuild]# sealert -l 5728427c-b7fd-4083-b645-7b001792af11
Entity: line 59: parser error : PCDATA invalid Char value 23
      <tpath></tpath>
             ^
Entity: line 59: parser error : PCDATA invalid Char value 23
      <tpath></tpath>
              ^
The /var/adm/messages files has lines like:

Apr 14 15:37:37 dale setroubleshoot: SELinux is preventing /bin/ps from search access on the directory #021
<88>. For complete SELinux messages. run sealert -l 552ef619-d8c6-4e88-ba7c-bceda7928e3b

Here, the "<88>" is the character \0x88.

Finally, /var/log/setroubleshoot/setroubleshootd.log contains:

2011-04-14 16:51:21,310 [xml.ERROR] read_xml_file() libxml2.parserError: xmlParseFile() failed
2011-04-14 16:56:25,082 [avc.ERROR] Plugin Exception catchall 
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/setroubleshoot/analyze.py", line 191, in analyze_avc
    report = plugin.analyze(avc)
  File "/usr/share/setroubleshoot/plugins/catchall.py", line 67, in analyze
    summary = self.summary + " on " + avc.tpath + "."
UnicodeDecodeError: 'utf8' codec can't decode byte 0x97 in position 1: invalid start byte
2011-04-14 17:50:19,538 [rpc.ERROR] could not send data on socket ({unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x5c25b40): Broken pipe


Expected results:


Additional info:
Comment 1 Daniel Walsh 2011-04-15 12:49:48 UTC 
Do you have the AVC's that are causing this?
Comment 2 David Hull 2011-04-18 19:43:35 UTC 
Created attachment 492993 [details]
setroubleshoot_database.xml (truncated)

Entries from setroubleshoot_database.xml with bad tpath values.
Comment 3 David Hull 2011-04-18 19:48:54 UTC 
Created attachment 492995 [details]
audit.log (truncated)

These are the entries from /var/log/audit/audit.log that are related to the first entry in the setroubleshoot_database.xml attachment.  Is this what you're looking for?
Comment 4 Daniel Walsh 2011-04-18 21:03:16 UTC 
The code falsely assumed 1271 was a hex string and translated it into an unprintable string.

I added a check to make sure the string is printable after hex translation.

fixed in setroubleshoot-3.0.33.f14
Note You need to log in before you can comment on or make changes to this bug.