Description of problem: I don't know. New install. I suspect logwatch might be the problem: Perl is now running "forever" in an unkillable (keeps respawning) process at 99% CPU. SELinux is preventing /usr/sbin/mdadm from 'read' accesses on the chr_file fb0. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that mdadm should be allowed read access on the fb0 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mdadm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:mdadm_t:s0-s0:c0.c1023 Target Context system_u:object_r:framebuf_device_t:s0 Target Objects fb0 [ chr_file ] Source mdadm Source Path /usr/sbin/mdadm Port <Unknown> Host (removed) Source RPM Packages mdadm-3.2.6-19.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-57.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.8-300.fc19.x86_64 #1 SMP Thu Jun 27 19:24:23 UTC 2013 x86_64 x86_64 Alert Count 2 First Seen 2013-07-05 08:55:30 EDT Last Seen 2013-07-05 10:40:19 EDT Local ID 4ff81e9d-95dc-4902-85bf-6604fac761da Raw Audit Messages type=AVC msg=audit(1373035219.916:508): avc: denied { read } for pid=3990 comm="mdadm" name="fb0" dev="devtmpfs" ino=1971 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:framebuf_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1373035219.916:508): arch=x86_64 syscall=open success=no exit=EACCES a0=2245040 a1=4000 a2=a a3=0 items=0 ppid=3989 pid=3990 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=6 tty=(none) comm=mdadm exe=/usr/sbin/mdadm subj=system_u:system_r:mdadm_t:s0-s0:c0.c1023 key=(null) Hash: mdadm,mdadm_t,framebuf_device_t,chr_file,read Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.8-300.fc19.x86_64 type: libreport
Perl didn't run "forever," and logwatch ran fine - just to rule these out. Thanks.
Also occurs with updated kernel and SELinux policy: SELinux is preventing /usr/sbin/mdadm from read access on the chr_file fb0. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that mdadm should be allowed read access on the fb0 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mdadm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:mdadm_t:s0-s0:c0.c1023 Target Context system_u:object_r:framebuf_device_t:s0 Target Objects fb0 [ chr_file ] Source mdadm Source Path /usr/sbin/mdadm Port <Unknown> Host (removed) Source RPM Packages mdadm-3.2.6-19.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-59.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.9-301.fc19.x86_64 #1 SMP Thu Jul 4 15:10:36 UTC 2013 x86_64 x86_64 Alert Count 4 First Seen 2013-07-05 03:44:06 EDT Last Seen 2013-07-08 10:37:08 EDT Local ID 856d52b5-3b4a-44e3-9992-afc67a747038 Raw Audit Messages type=AVC msg=audit(1373294228.10:575): avc: denied { read } for pid=3509 comm="mdadm" name="fb0" dev="devtmpfs" ino=6807 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:framebuf_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1373294228.10:575): arch=x86_64 syscall=open success=no exit=EACCES a0=1b0b750 a1=4000 a2=a a3=0 items=0 ppid=3508 pid=3509 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=12 tty=(none) comm=mdadm exe=/usr/sbin/mdadm subj=system_u:system_r:mdadm_t:s0-s0:c0.c1023 key=(null) Hash: mdadm,mdadm_t,framebuf_device_t,chr_file,read
b7f1a40e7e99fd3429298e9c542e9c9487606656 allows this in git.
selinux-policy-3.12.1-63.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-63.fc19
Package selinux-policy-3.12.1-63.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-63.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-12762/selinux-policy-3.12.1-63.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-63.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.