F14 alpha RC4: tons of sedispatch: AVC Message for setroubleshoot, dropping messages?

Daniel J Walsh dwalsh at redhat.com
Wed Aug 18 23:13:18 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/18/2010 12:42 PM, Jurgen Kramer wrote:
> On Wed, 2010-08-18 at 09:29 -0400, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 08/17/2010 05:16 PM, Adam Williamson wrote:
>>> On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
>>>> I've just did a fresh install of F14alpha RC4 to see if I could
>>>> reproduce a bug. When checking /var/log/messages a see a ton of these:
>>>>
>>>> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
>>>> dropping message
>>>> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
>>>> dropping message
>>>> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
>>>> dropping message
>>>> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
>>>> dropping message
>>>> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
>>>> dropping message
>>>>
>>>> Is this a known problem?
>>>
>>> Is that before or after applying updates?
> 
> This was before applying updates. After updating I now longer see the
> messages appear.
>>
>> What does
>>
>> #ausearch -m avc -ts recent
>>
>> show?
> 
> For completeness I checked it. This only shows 'normal' AVC denied
> messages from my current boot up. They are all from setroubleshootd
> (comm="setroubleshootd"). I am not sure this is normal behavior. 
> 
> They are all like (at least 20 or so):
> 
> ----
> time->Wed Aug 18 18:33:02 2010
> type=SYSCALL msg=audit(1282149182.060:24): arch=c000003e syscall=87
> success=no exit=-13 a0=7fff4f795fa0 a1=0 a2=4c4dfc3c a3=1 items=0 ppid=1
> pid=1684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1282149182.060:24): avc:  denied  { write } for
> pid=1684 comm="setroubleshootd" name="plugins" dev=dm-0 ino=397348
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir
> 
If this is F14, you need to make sure you have fully updated.  Python2.7
changes was causing random apps to try to recompile their pyc files.
This would cause the behavior you are seeing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxsaQ4ACgkQrlYvE4MpobNvHACfYAOQvJVZGEwCAs/r6kK7Pof/
mrMAoL0fnhBcLsCmwXIKjPhneOf9MpGf
=2R/j
-----END PGP SIGNATURE-----

More information about the test mailing list