Bug 727264 - setroubleshoot not finding AVC denials
Summary: setroubleshoot not finding AVC denials
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-01 17:19 UTC by Tom
Modified: 2011-11-30 17:24 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-23 16:52:43 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tom 2011-08-01 17:19:15 UTC 
Description of problem:
I'm not sure exactly what's going on, but here's my problem.
I only get AVC denial messages in /var/log/messages and setroubleshoot isn't working. When I run 'semodule DB' I get:
'libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete context.' and new AVC denials don't show using 'ausearch -m avc -ts recent' or 'grep AVC /var/log/audit/audit.log | sedispatch'.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-11.fc17

How reproducible:
Everytime

Steps to Reproduce:
1.Get an AVC denial with SELinux set to enforcing, and program closes
2.setroubleshoot shows nothing wrong
3.Program runs fine with SELinux set to permissive
  
Actual results:
No AVC denial message with setroubleshoot

Expected results:
setroubleshoot shows what SELinux just blocked

Additional info:
Comment 1 Germano Massullo 2011-11-21 17:38:22 UTC 
This is happening to me in Fedora 16.
Programs well known to have problems with SELinux auto close or have malfunctions, but SELinux troubleshooter does not notify in taskbar.
I have KDE 4.7.3.

Tom could you change version to Fedora 16? I think it could be better
Comment 2 Daniel Walsh 2011-11-21 23:10:05 UTC 
The problem is on update auditd is not running.

systemctl enable auditd
systemctl start auditd

Then the auditd will start sending avc's to setroubleshoot.
Comment 3 Germano Massullo 2011-11-21 23:19:08 UTC 
[root@computer ]# systemctl enable auditd
Failed to issue method call: Invalid argument
Comment 4 Miroslav Grepl 2011-11-23 08:16:30 UTC 
systemctl enable auditd.service
systemctl start auditd.service

should work.
Comment 5 Daniel Walsh 2011-11-23 16:52:43 UTC 
Oops always forget the .service part.
Comment 6 Germano Massullo 2011-11-23 17:21:25 UTC 
Why did you close as not a bug? The system did not show SELinux errors until we do
systemctl enable auditd.service
systemctl start auditd.service
That's not normal
Comment 7 Daniel Walsh 2011-11-23 17:48:25 UTC 
Well I guess I should have closed it as cantfix, since updates from F15 to F16 did not maintain the state of running services.  I am not sure why this decision was made, but that is what caused the problem. Nothing audit, setroubleshoot or selinux can do about it.
Comment 8 Germano Massullo 2011-11-23 20:46:40 UTC 
I don't understand well these technical things, but we must let know developer leaders that SELinux troubleshooter is no longer working, and this is not admissable.
Comment 9 Daniel Walsh 2011-11-29 01:55:53 UTC 
Yes I understand.  On fresh installs it will work, but on updates no system services that were working before work afterwards.
Comment 10 Germano Massullo 2011-11-29 10:55:27 UTC 
Then someone should put
systemctl enable auditd.service
systemctl start auditd.service
under upgrade FAQs from Fedora 15 to Fedora 16
Comment 11 Daniel Walsh 2011-11-29 21:04:30 UTC 
Bill who should I ping to do this?
Comment 12 Bill Nottingham 2011-11-29 21:36:37 UTC 
It's on the wiki - https://fedoraproject.org/wiki/Common_F16_bugs
Comment 13 Daniel Walsh 2011-11-30 17:24:56 UTC 
Maybe we should call this out on setroubleshoot directly.
Note You need to log in before you can comment on or make changes to this bug.