Bug 855496 - Syntax error displayed while executing sealert on audit.log
Status: CLOSED DUPLICATE of bug 851824
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: setroubleshoot
Version: 6.3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Daniel Walsh
QA Contact: BaseOS QE Security Team
Reported: 2012-09-08 02:05 EDT by Gowrishankar Rajaiyan
Modified: 2012-10-02 06:06 EDT (History)
Doc Type: Bug Fix
Last Closed: 2012-09-18 12:12:27 EDT
Type: Bug

Description Gowrishankar Rajaiyan 2012-09-08 02:05:41 EDT
Description of problem:


Version-Release number of selected component (if applicable):
libselinux-python-2.0.94-5.3.el6.x86_64
libselinux-2.0.94-5.3.el6.x86_64
libselinux-utils-2.0.94-5.3.el6.x86_64
selinux-policy-3.7.19-155.el6_3.noarch
selinux-policy-targeted-3.7.19-155.el6_3.noarch
setroubleshoot-server-3.0.47-3.el6_3.x86_64
sanlock-2.3-3.el6_3.x86_64
sanlock-python-2.3-3.el6_3.x86_64
sanlock-lib-2.3-3.el6_3.x86_64

How reproducible:
Always

Steps to Reproduce: (probably not relevant)
1. Setup gluster volume.
2. Mount these volumes as storage using RHEV-M
3. sealert -a /var/log/audit/audit.log
  
Actual results:
[root@rhs-gp-srv9 ~]# sealert -a /var/log/audit/audit.log 
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346420380 (deleted); } 2>&1'
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346425766 (deleted); } 2>&1'
 11% donetype=AVC msg=audit(1346407511.152:6): avc:  denied  { chown } for  pid=3547 comm="sanlock" capability=0  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:9): avc:  denied  { search } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:8): avc:  denied  { setrlimit } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.153:7): avc:  denied  { dac_override } for  pid=3547 comm="sanlock" capability=1  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:10): avc:  denied  { signal } for  pid=3547 comm="sanlock" scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=process
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:11): avc:  denied  { setgid } for  pid=3551 comm="sanlock" capability=6  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

type=AVC msg=audit(1346407511.154:12): avc:  denied  { setuid } for  pid=3551 comm="sanlock" capability=7  scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tclass=capability
 
**** Invalid AVC allowed in current policy ***

 12% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346429721 (deleted); } 2>&1'
 39% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346733554 (deleted); } 2>&1'
 40% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346735816 (deleted); } 2>&1'
 66% done'tuple' object has no attribute 'split'
100% doneERROR: failed to read complete file, 5786600 bytes read out of total 5781734 bytes (/var/log/audit/audit.log)
found 48 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------


Expected results: No syntax errors should be displayed


Additional info:
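The `sh: -c:` lines in the output above come from a file name taken from the audit log being pasted, unquoted, into a `sh -c` command line, so the `(` of the kernel's " (deleted)" tag is parsed as shell syntax. The following Python is an added example, not setroubleshoot's own code: it rebuilds that command shape with the report's own path, recovers the offending paths from the sealert output, and shows the two fixes (shell-quoting the path, or dropping the shell and passing an argv list). It assumes only that the original invocation was `sh -c` with the path interpolated, as the output indicates; `sh -n` parses the line without executing it, so `rpm` is never run and need not be installed.

```python
import shlex
import shutil
import subprocess

# Path copied from the report's output: the kernel tags an unlinked file's
# name with a trailing " (deleted)", and that tagged name reached `sh -c`.
DELETED_PATH = "/tmp/sh-thd-1346420380 (deleted)"

def unsafe_command(path):
    """Command-line shape seen in the report: the path is pasted in unquoted,
    so sh parses '(' as syntax rather than as part of a file name."""
    return "{ rpm -qf %s; } 2>&1" % path

def quoted_command(path):
    """Same line with the path shell-quoted: sh sees a single word whatever
    characters the audit log put in it."""
    return "{ rpm -qf %s; } 2>&1" % shlex.quote(path)

def argv_command(path):
    """Preferred form: no shell at all.  Run with subprocess.run(...,
    stderr=subprocess.STDOUT) instead of relying on '2>&1'."""
    return ["rpm", "-qf", path]

def shell_syntax_ok(cmd):
    """Have sh parse the line without executing it (-n): True if it parses,
    False on a syntax error, None when no sh is available to check with."""
    sh = shutil.which("sh")
    if sh is None:
        return None
    proc = subprocess.run([sh, "-n", "-c", cmd], capture_output=True)
    return proc.returncode == 0

def offending_paths(output):
    """Recover the paths that tripped sh from sealert output lines of the
    form  sh: -c: line 0: `{ rpm -qf PATH; } 2>&1'  (as in the report)."""
    head, tail = "`{ rpm -qf ", "; } 2>&1'"
    found = []
    for line in output.splitlines():
        if head in line and line.endswith(tail):
            found.append(line[line.index(head) + len(head):-len(tail)])
    return found

# Constructed sample: two error-line pairs copied verbatim from the report.
SAMPLE_OUTPUT = """\
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346420380 (deleted); } 2>&1'
 11% donesh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `{ rpm -qf /tmp/sh-thd-1346425766 (deleted); } 2>&1'
"""
```

Any other shell metacharacter in an audit-log path would be interpreted the same way by the unquoted form, which is why the argv form is the one to prefer.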
Comment 2 Milos Malik 2012-09-10 03:14:45 EDT
I believe this is a duplicate of BZ#851824.
Comment 3 Daniel Walsh 2012-09-18 12:12:27 EDT

*** This bug has been marked as a duplicate of bug 851824 ***
