Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 843926

Summary: abrt from setroubleshootd
Product: Red Hat Enterprise Linux 6 Reporter: Brian Wheeler <bdwheele>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: dwalsh, mgrepl, mmalik
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-17 13:40:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
output of ausearch -m avc none

Description Brian Wheeler 2012-07-27 17:09:09 UTC 
Description of problem:

setroubleshootd is generating a abrt message.


Jul 27 12:24:50 maple abrt: detected unhandled Python exception in '/usr/sbin/setroubleshootd'
Jul 27 12:24:50 maple abrtd: New client connected
Jul 27 12:24:50 maple abrtd: Directory 'pyhook-2012-07-27-12:24:50-28065' creation detected
Jul 27 12:24:50 maple abrt-server[28636]: Saved Python crash dump of pid 28065 to /var/spool/abrt/pyhook-2012-07-27-12:24:50-28065



abrt_version:   2.0.8
cmdline:        /usr/bin/python -Es /usr/sbin/setroubleshootd -f ''
executable:     /usr/sbin/setroubleshootd
kernel:         2.6.32-279.1.1.el6.x86_64
reason:         analyze.py:307:prune:ValueError: list modified during sort
time:           Fri 27 Jul 2012 12:24:50 PM EDT
uid:            0
username:       root

sosreport.tar.xz: Binary file, 3086576 bytes

backtrace:
:analyze.py:307:prune:ValueError: list modified during sort
:
:Traceback (most recent call last):
:  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 401, in auto_save_callback
:    self.save()
:  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 377, in save
:    self.prune()
:  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 307, in prune
:    self.sigs.signature_list.sort(lambda a,b: cmp(a.last_seen_date, b.last_seen_date))
:ValueError: list modified during sort
:
:Local variables in innermost frame:
:self: <setroubleshoot.analyze.SETroubleshootDatabase object at 0x1324510>


Version-Release number of selected component (if applicable):

setroubleshoot-plugins-3.0.40-1.el6.noarch
setroubleshoot-server-3.0.47-3.el6_3.x86_64
setroubleshoot-3.0.47-3.el6_3.x86_64
setroubleshoot-doc-3.0.47-3.el6_3.x86_64



How reproducible:

This is happening several times a day.  I'm unable to determine which selinux message is triggering it.

The selinux message immediately before the abrt message reads:

Jul 27 12:24:50 maple setroubleshoot: SELinux is preventing /usr/bin/perl from ioctl access on the file /srv/www/webapp1.dlib.indiana.edu/cgi-bin/virtcdlib/index.cgi. For complete 
SELinux messages. run sealert -l 29ba1a04-9f89-49c9-8861-2ec6897d9b9f


and when I run the suggested sealert command, I get an error:


[root@maple bdwheele]# sealert -l 29ba1a04-9f89-49c9-8861-2ec6897d9b9f
X11 connection rejected because of wrong authentication.
Error
query_alerts error (1003): id (29ba1a04-9f89-49c9-8861-2ec6897d9b9f) not found



Additional info:
Comment 2 Daniel Walsh 2012-08-01 20:03:02 UTC 
Can you attach the ausearch -m avc output.
Comment 3 Brian Wheeler 2012-08-01 20:13:30 UTC 
Created attachment 601821 [details]
output of ausearch -m avc

per request
Comment 4 Daniel Walsh 2012-08-02 20:52:44 UTC 
Brian lets see if we can fix your avc's.

Where is shibd.sock located?  It looks like it is in a usr_t directory?

You seem to have a process running as initrc_t.
 
ps -eZ | grep initrc_t

Looks like we really should write policy for the cgi script that you are launching.

Lets fix the label on your log files.

# semanage fcontext -a -t httpd_log_t 
'/usr/local/shibboleth/var/log/httpd(/.*)?'
# restorecon -R -v /usr/local/
# semanage fcontext -a -t httpd_log_t
'/srv/www/common/logs(/.*)?'
# restorecon -R -v /srv/www

Although these would probably be better places in /var/log/httpd.