Bug 891656 - Possible (file descriptor?) leak: AVCs from /usr/lib/systemd/system-generators/lvm2-activation-generator
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-01-03 14:48 UTC by Tom London
Modified: 2013-01-11 13:37 UTC (History)
Last Closed: 2013-01-11 13:37:52 UTC
Type: Bug

Attachments
sealert output describing the AVCs (3.95 KB, text/plain)
2013-01-03 14:48 UTC, Tom London

Description Tom London 2013-01-03 14:48:56 UTC
Created attachment 672104
sealert output describing the AVCs

Description of problem:
I'm seeing regular occurrences of SELinux AVCs reporting read/write access violations by /usr/lib/systemd/system-generators/lvm2-activation-generator to deleted files in /run/systemd/dump-X-XXXXXX.

This seems to happen when glibc is updated and other times that systemd reexecutes.

Here are 2 such spews from /var/log/messages showing the timing of such events:

Jan  2 07:11:28 tlondon systemd[1]: Reexecuting.
Jan  2 07:11:28 tlondon systemd[1]: systemd 196 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ; fedora)
Jan  2 07:11:28 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  2 07:11:28 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  2 07:11:28 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  2 07:11:28 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  2 07:11:28 tlondon systemd[1]: Found device /sys/devices/virtual/block/dm-1.
Jan  2 07:11:28 tlondon systemd[1]: Found device /dev/dm-1.
Jan  2 07:11:28 tlondon systemd[1]: Found device /dev/disk/by-id/dm-name-vg_tlondon-lv_swap.
Jan  2 07:11:28 tlondon systemd[1]: Found device /dev/disk/by-id/dm-uuid-LVM-BLvYs69PzJSkE1SBIVCjv7E0nyKifP3GFRaZt1L7TczAEcLcZn3gRTL29AQYQzed.
Jan  2 07:11:28 tlondon systemd[1]: Found device /dev/disk/by-uuid/642a6b45-04e2-4bb5-b563-64c4554c0a6a.
Jan  2 07:11:28 tlondon systemd[1]: Found device /dev/vg_tlondon/lv_swap.
Jan  2 07:11:28 tlondon systemd[1]: Activated swap /dev/disk/by-id/dm-name-vg_tlondon-lv_swap.
Jan  2 07:11:28 tlondon systemd[1]: Activated swap /dev/disk/by-id/dm-uuid-LVM-BLvYs69PzJSkE1SBIVCjv7E0nyKifP3GFRaZt1L7TczAEcLcZn3gRTL29AQYQzed.
Jan  2 07:11:28 tlondon systemd[1]: Started CUPS Printing Service.
Jan  2 07:11:28 tlondon dbus-daemon[597]: dbus[597]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jan  2 07:11:28 tlondon dbus[597]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jan  2 07:11:31 tlondon dbus[597]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan  2 07:11:31 tlondon dbus-daemon[597]: dbus[597]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan  2 07:11:33 tlondon setroubleshoot: SELinux is preventing /usr/lib/systemd/system-generators/lvm2-activation-generator from 'read, write' accesses on the file /run/systemd/dump-1-pH55Lj (deleted). For complete SELinux messages. run sealert -l 45a4a3dd-295d-48f5-8976-2649b4925030
Jan  2 07:11:33 tlondon setroubleshoot: SELinux is preventing /usr/lib/systemd/system-generators/lvm2-activation-generator from 'read, write' accesses on the file /run/systemd/dump-1-pH55Lj (deleted). For complete SELinux messages. run sealert -l 45a4a3dd-295d-48f5-8976-2649b4925030
Jan  2 07:45:05 tlondon NetworkManager[595]: <warn> nl_recvmsgs() error: (-33) Dump inconsistency detected, interrupted
Jan  2 07:50:00 tlondon kernel: [ 4397.348848] gnome-settings-[1218]: segfault at 7fd47d949250 ip 00007fd47d949250 sp 00007fff42b44ab8 error 14
Jan  2 07:50:01 tlondon colord: device removed: xrandr-Lenovo Group Limited
Jan  2 07:50:01 tlondon colord: device removed: xrandr-Hewlett Packard-HP L2208w-CNK80501FQ
Jan  2 07:50:01 tlondon colord: Profile removed: icc-6d6481424142001e8b3e9a0798f565ae
Jan  2 07:50:01 tlondon colord: Profile removed: icc-fb966b58deaea60478f4f09fd0725cdf
Jan  2 07:50:01 tlondon colord: Profile removed: icc-bc5dc112cbdfc98bb079e140e3b30971
Jan  2 07:50:01 tlondon colord: Profile removed: icc-7e275e3fbeb1f3075ae35224f56b40f4
Jan  2 07:50:01 tlondon gnome-session[1013]: WARNING: Application 'gnome-settings-daemon.desktop' killed by signal 11
Jan  2 07:50:02 tlondon systemd-logind[588]: System is powering down.
Jan  2 07:50:02 tlondon systemd[1]: SELinux Got Sender :1.1
Jan  2 07:50:02 tlondon systemd[1]: Starting Show Plymouth Power Off Screen...
Jan  2 07:50:02 tlondon systemd[1]: Deactivating swap /dev/dm-1...
Jan  2 07:50:02 tlondon systemd[1]: Deactivating swap /dev/dm-1...
Jan  2 07:50:02 tlondon systemd[1]: Deactivating swap /dev/dm-1...
Jan  2 07:50:02 tlondon systemd[1]: Deactivating swap /dev/dm-1...
Jan  2 07:50:02 tlondon systemd[1]: Deactivating swap /dev/dm-1...

And

Jan  1 09:28:05 tlondon yum[3650]: Updated: gnome-shell-extension-common-3.7.3-1.fc19.noarch
Jan  1 09:28:09 tlondon systemd[1]: Reexecuting.
Jan  1 09:28:09 tlondon systemd[1]: systemd 196 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ; fedora)
Jan  1 09:28:09 tlondon dbus-daemon[612]: dbus[612]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jan  1 09:28:09 tlondon dbus[612]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jan  1 09:28:10 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  1 09:28:10 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  1 09:28:10 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  1 09:28:10 tlondon systemd[1]: Found device Hitachi_HTS725050A9A364.
Jan  1 09:28:10 tlondon systemd[1]: Found device /sys/devices/virtual/block/dm-1.
Jan  1 09:28:10 tlondon systemd[1]: Found device /dev/dm-1.
Jan  1 09:28:10 tlondon systemd[1]: Found device /dev/disk/by-id/dm-name-vg_tlondon-lv_swap.
Jan  1 09:28:10 tlondon systemd[1]: Found device /dev/disk/by-id/dm-uuid-LVM-BLvYs69PzJSkE1SBIVCjv7E0nyKifP3GFRaZt1L7TczAEcLcZn3gRTL29AQYQzed.
Jan  1 09:28:10 tlondon systemd[1]: Found device /dev/disk/by-uuid/642a6b45-04e2-4bb5-b563-64c4554c0a6a.
Jan  1 09:28:10 tlondon systemd[1]: Found device /dev/vg_tlondon/lv_swap.
Jan  1 09:28:10 tlondon systemd[1]: Activated swap /dev/disk/by-id/dm-name-vg_tlondon-lv_swap.
Jan  1 09:28:10 tlondon systemd[1]: Activated swap /dev/disk/by-uuid/642a6b45-04e2-4bb5-b563-64c4554c0a6a.
Jan  1 09:28:10 tlondon systemd[1]: Started CUPS Printing Service.
Jan  1 09:28:10 tlondon systemd[1]: Stopping Command Scheduler...
Jan  1 09:28:10 tlondon systemd[1]: Starting Command Scheduler...
Jan  1 09:28:10 tlondon systemd[1]: Started Command Scheduler.
Jan  1 09:28:10 tlondon yum[3650]: Updated: glibc-2.17-1.fc19.x86_64
Jan  1 09:28:11 tlondon dbus-daemon[612]: dbus[612]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan  1 09:28:11 tlondon dbus[612]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan  1 09:28:15 tlondon setroubleshoot: SELinux is preventing /usr/lib/systemd/system-generators/lvm2-activation-generator from 'read, write' accesses on the file /run/systemd/dump-1-ZcTf8s (deleted). For complete SELinux messages. run sealert -l db83bc13-d752-4c0c-910f-973009e9526f
Jan  1 09:28:15 tlondon setroubleshoot: SELinux is preventing /usr/lib/systemd/system-generators/lvm2-activation-generator from 'read, write' accesses on the file /run/systemd/dump-1-ZcTf8s (deleted). For complete SELinux messages. run sealert -l db83bc13-d752-4c0c-910f-973009e9526f
Jan  1 09:28:22 tlondon yum[3650]: Updated: glibc-common-2.17-1.fc19.x86_64
Jan  1 09:28:24 tlondon yum[3650]: Updated: glibc-headers-2.17-1.fc19.x86_64
Jan  1 09:28:25 tlondon yum[3650]: Updated: systemtap-runtime-2.1-0.185.g283159e.fc19.x86_64
Jan  1 09:28:27 tlondon yum[3650]: Updated: systemtap-client-2.1-0.185.g283159e.fc19.x86_64
Jan  1 09:28:29 tlondon yum[3650]: Updated: systemtap-devel-2.1-0.185.g283159e.fc19.x86_64
Jan  1 09:28:30 tlondon yum[3650]: Updated: groff-base-1.22.1-1.fc19.x86_64
Jan  1 09:28:32 tlondon yum[3650]: Updated: groff-1.22.1-1.fc19.x86_64
Jan  1 09:28:32 tlondon yum[3650]: Updated: systemtap-2.1-0.185.g283159e.fc19.x86_64
Jan  1 09:28:33 tlondon yum[3650]: Updated: glibc-devel-2.17-1.fc19.x86_64
Jan  1 09:28:34 tlondon yum[3650]: Updated: nscd-2.17-1.fc19.x86_64
Jan  1 09:28:34 tlondon yum[3650]: Updated: squashfs-tools-4.3-0.5.gitc11af515.fc19.x86_64
Jan  1 09:28:35 tlondon yum[3650]: Updated: gnome-shell-extension-user-theme-3.7.3-1.fc19.noarch
Jan  1 09:28:36 tlondon yum[3650]: Updated: gnome-shell-extension-alternative-status-menu-3.7.3-1.fc19.noarch
Jan  1 09:28:36 tlondon yum[3650]: Updated: gnome-shell-extension-drive-menu-3.7.3-1.fc19.noarch

I attach the sealert text.

Version-Release number of selected component (if applicable):
systemd-196-4.fc19.x86_64

How reproducible:
When systemd reexecutes? When yum updates glibc?


Comment 1 Alasdair Kergon 2013-01-03 19:54:14 UTC
What are files with names like /run/systemd/dump-1-ZcTf8s (deleted) used for and what would have opened them originally?

Comment 2 Tom London 2013-01-05 17:51:31 UTC
[tbl@tlondon systemd]$ sudo strings /usr/lib/systemd/systemd | grep /run/systemd/dump
/run/systemd/dump-%lu-XXXXXX
[tbl@tlondon systemd]$ 

So, it appears that systemd itself is creating this file.

Comment 3 Lennart Poettering 2013-01-11 13:37:52 UTC
Yeah, this was a bug in systemd. Fixed with 197.
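
The report does not say what changed in 197. As an added illustration (not systemd code and not taken from this bug), the following shows the general mechanism the bug title suspects: a descriptor to an unlinked temp file stays open across fork and exec in a spawned helper unless it is marked close-on-exec. The path, function names, and the use of /bin/sh as a stand-in for a generator are assumptions made for the demo.

```c
/* Added illustration, not systemd source; path and names are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a temp file and unlink it while keeping the descriptor open, which
 * is how a path ends up reported as "(deleted)". Returns the fd or -1. */
int open_unlinked_state_file(int cloexec)
{
    char path[] = "/tmp/dump-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Fork and exec /bin/sh as a stand-in for a spawned helper. Returns 1 if the
 * helper still has `fd` open after exec, 0 if it does not, -1 on error. */
int fd_leaks_into_child(int fd)
{
    char script[64];
    int status;
    if (fd < 0 || fd > 9) return -1;  /* portable sh only dups single-digit fds */
    /* ": <&N" succeeds only when descriptor N is open in the shell. */
    snprintf(script, sizeof script, "exec 2>/dev/null; : <&%d", fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("no FD_CLOEXEC: %d\n", fd_leaks_into_child(open_unlinked_state_file(0)));
    printf("FD_CLOEXEC:    %d\n", fd_leaks_into_child(open_unlinked_state_file(1)));
    return 0;
}
```

Under SELinux, an inherited descriptor like this is checked against the helper's own domain when the helper is executed, which is why such a leak shows up as an AVC naming the helper rather than the process that opened the file.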

