10:17 a.m.
Hi,
The problem we face is
>service setroubleshoot status
setroubleshootd dead but pid
file exists
We are running into Bug 480432
<https://bugzilla.redhat.com/show_bug.cgi?id=480432> - setroubleshootd
killed - apparently by selinux on our system. The kernel we are running
on is 2.6.18-194.el5PAE and the selinux, setroubleshoot rpms being used
are
libselinux-1.33.4-5.5.el5
selinux-policy-strict-2.4.6-279.el5
platform-selinux-2.0.0.0-1
cm-selinux-2.0.0.0-0
libselinux-python-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
selinux-policy-2.4.6-279.el5
setroubleshoot-server-2.0.5-5.el5
setroubleshoot-plugins-2.0.4-2.el5
Is there a workaround for the above issue, if we cannot go to the latest
kernel?
Thanks,
Radha.
10:24 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
Hi,
The problem we face is
>> service setroubleshoot status
setroubleshootd dead but pid file exists
We are running into Bug 480432
<https://bugzilla.redhat.com/show_bug.cgi?id=480432> - setroubleshootd
killed - apparently by selinux on our system. The kernel we are running
on is 2.6.18-194.el5PAE and the selinux, setroubleshoot rpms being used
are
libselinux-1.33.4-5.5.el5
selinux-policy-strict-2.4.6-279.el5
platform-selinux-2.0.0.0-1
cm-selinux-2.0.0.0-0
libselinux-python-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
selinux-policy-2.4.6-279.el5
setroubleshoot-server-2.0.5-5.el5
setroubleshoot-plugins-2.0.4-2.el5
Is there a workaround for the above issue, if we cannot go to the latest
kernel?
Thanks,
Radha.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Are you seeing an AVC
about setroubleshoot?
ausearch -m avc -ts recent
Or ausearch -m avc | grep setroubleshoot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9HqIACgkQrlYvE4MpobNcPgCfSZvENkOdQiEcw7hmW38U9w4s
0WkAoKZNuj0XoFB1Uyc95ysGr7mvbRpS
=AGIr
-----END PGP SIGNATURE-----
10:38 a.m.
Dan,
Yes, we are seeing setroubleshoot related avc messages. Attached is the
output of "ausearch -m avc | grep setroubleshoot".
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:24 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
Hi,
The problem we face is
>> service setroubleshoot status
setroubleshootd dead but pid file exists
We are running into Bug 480432
<https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
setroubleshootd killed - apparently by selinux on our system. The
kernel we are running on is 2.6.18-194.el5PAE and the selinux,
setroubleshoot rpms being used are
libselinux-1.33.4-5.5.el5
selinux-policy-strict-2.4.6-279.el5
platform-selinux-2.0.0.0-1
cm-selinux-2.0.0.0-0
libselinux-python-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
selinux-policy-2.4.6-279.el5
setroubleshoot-server-2.0.5-5.el5
setroubleshoot-plugins-2.0.4-2.el5
Is there a workaround for the above issue, if we cannot go to the
latest kernel?
Thanks,
Radha.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Are you seeing an AVC
about setroubleshoot?
ausearch -m avc -ts recent
Or ausearch -m avc | grep setroubleshoot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9HqIACgkQrlYvE4MpobNcPgCfSZvENkOdQiEcw7hmW38U9w4s
0WkAoKZNuj0XoFB1Uyc95ysGr7mvbRpS
=AGIr
-----END PGP SIGNATURE-----
10:42 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 11:38 AM, Radha Venkatesh (radvenka) wrote:
Dan,
Yes, we are seeing setroubleshoot related avc messages. Attached is the
output of "ausearch -m avc | grep setroubleshoot".
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:24 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
> Hi,
> The problem we face is
>>> service setroubleshoot status
> setroubleshootd dead but pid file exists
> We are running into Bug 480432
> <https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
> setroubleshootd killed - apparently by selinux on our system. The
> kernel we are running on is 2.6.18-194.el5PAE and the selinux,
> setroubleshoot rpms being used are
> libselinux-1.33.4-5.5.el5
> selinux-policy-strict-2.4.6-279.el5
> platform-selinux-2.0.0.0-1
> cm-selinux-2.0.0.0-0
> libselinux-python-1.33.4-5.5.el5
> libselinux-utils-1.33.4-5.5.el5
> selinux-policy-2.4.6-279.el5
> setroubleshoot-server-2.0.5-5.el5
> setroubleshoot-plugins-2.0.4-2.el5
> Is there a workaround for the above issue, if we cannot go to the
> latest kernel?
> Thanks,
> Radha.
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Are you seeing an AVC about setroubleshoot?
ausearch -m avc -ts recent
Or ausearch -m avc | grep setroubleshoot
Well you have setroubleshoot running as sshd_t? I think you have a
badly mislabeled system
touch /.autorelabel; reboot
And see if things start to work correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9ItMACgkQrlYvE4MpobN91QCg52hYDUwPHXeVuMsvlBkBMF8d
7wEAn0lkY1dbtIQO/SF3/XeC7UQhkiPa
=eMjP
-----END PGP SIGNATURE-----
11:31 a.m.
Dan,
The issue persists even after
touch/.autorelabel
reboot
Also checked setroubleshoot before and after reboot, and it is labeled
>ls -Z setroubleshoot
-rwxr-xr-x root root
system_u:object_r:initrc_exec_t setroubleshoot
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:42 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2010 11:38 AM, Radha Venkatesh (radvenka) wrote:
Dan,
Yes, we are seeing setroubleshoot related avc messages. Attached is
the output of "ausearch -m avc | grep setroubleshoot".
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:24 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: setroubleshootd dead but pid file exists
On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
> Hi,
> The problem we face is
>>> service setroubleshoot status
> setroubleshootd dead but pid file exists
> We are running into Bug 480432
> <https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
> setroubleshootd killed - apparently by selinux on our system. The
> kernel we are running on is 2.6.18-194.el5PAE and the selinux,
> setroubleshoot rpms being used are
> libselinux-1.33.4-5.5.el5
> selinux-policy-strict-2.4.6-279.el5
> platform-selinux-2.0.0.0-1
> cm-selinux-2.0.0.0-0
> libselinux-python-1.33.4-5.5.el5
> libselinux-utils-1.33.4-5.5.el5
> selinux-policy-2.4.6-279.el5
> setroubleshoot-server-2.0.5-5.el5
> setroubleshoot-plugins-2.0.4-2.el5
> Is there a workaround for the above issue, if we cannot go to the
> latest kernel?
> Thanks,
> Radha.
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Are you seeing an AVC about setroubleshoot?
ausearch -m avc -ts recent
Or ausearch -m avc | grep setroubleshoot
Well you have setroubleshoot running as sshd_t? I think you have a
badly mislabeled system
touch /.autorelabel; reboot
And see if things start to work correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx9ItMACgkQrlYvE4MpobN91QCg52hYDUwPHXeVuMsvlBkBMF8d
7wEAn0lkY1dbtIQO/SF3/XeC7UQhkiPa
=eMjP
-----END PGP SIGNATURE-----
4996
days inactive
4996
days old
selinux@lists.fedoraproject.org
4 comments
2 participants
participants (2)
-
Daniel J Walsh -
Radha Venkatesh (radvenka)