Dan,
The issue persists even after
touch/.autorelabel
reboot
Also checked setroubleshoot before and after reboot, and it is labeled
>ls -Z setroubleshoot
-rwxr-xr-x root root
system_u:object_r:initrc_exec_t setroubleshoot
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:42 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 11:38 AM, Radha Venkatesh (radvenka) wrote:
Dan,
Yes, we are seeing setroubleshoot related avc messages. Attached is
the output of "ausearch -m avc | grep setroubleshoot".
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:24 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
> Hi,
> The problem we face is
>>> service setroubleshoot status
> setroubleshootd dead but pid file exists
> We are running into Bug 480432
> <
https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
> setroubleshootd killed - apparently by selinux on our system. The
> kernel we are running on is 2.6.18-194.el5PAE and the selinux,
> setroubleshoot rpms being used are
> libselinux-1.33.4-5.5.el5
> selinux-policy-strict-2.4.6-279.el5
> platform-selinux-2.0.0.0-1
> cm-selinux-2.0.0.0-0
> libselinux-python-1.33.4-5.5.el5
> libselinux-utils-1.33.4-5.5.el5
> selinux-policy-2.4.6-279.el5
> setroubleshoot-server-2.0.5-5.el5
> setroubleshoot-plugins-2.0.4-2.el5
> Is there a workaround for the above issue, if we cannot go to the
> latest kernel?
> Thanks,
> Radha.
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
Are you seeing an AVC about setroubleshoot?
ausearch -m avc -ts recent
Or ausearch -m avc | grep setroubleshoot
Well you have setroubleshoot running as sshd_t? I think you have a
badly mislabeled system
touch /.autorelabel; reboot
And see if things start to work correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAkx9ItMACgkQrlYvE4MpobN91QCg52hYDUwPHXeVuMsvlBkBMF8d
7wEAn0lkY1dbtIQO/SF3/XeC7UQhkiPa
=eMjP
-----END PGP SIGNATURE-----