I've just did a fresh install of F14alpha RC4 to see if I could reproduce a bug. When checking /var/log/messages a see a ton of these:
Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message
Is this a known problem?
Jurgen
On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
I've just did a fresh install of F14alpha RC4 to see if I could reproduce a bug. When checking /var/log/messages a see a ton of these:
Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message
Is this a known problem?
Is that before or after applying updates?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/17/2010 05:16 PM, Adam Williamson wrote:
On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
I've just did a fresh install of F14alpha RC4 to see if I could reproduce a bug. When checking /var/log/messages a see a ton of these:
Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message
Is this a known problem?
Is that before or after applying updates?
What does
#ausearch -m avc -ts recent
show?
On Wed, 2010-08-18 at 09:29 -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/17/2010 05:16 PM, Adam Williamson wrote:
On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
I've just did a fresh install of F14alpha RC4 to see if I could reproduce a bug. When checking /var/log/messages a see a ton of these:
Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message
Is this a known problem?
Is that before or after applying updates?
This was before applying updates. After updating I now longer see the messages appear.
What does
#ausearch -m avc -ts recent
show?
For completeness I checked it. This only shows 'normal' AVC denied messages from my current boot up. They are all from setroubleshootd (comm="setroubleshootd"). I am not sure this is normal behavior.
They are all like (at least 20 or so):
---- time->Wed Aug 18 18:33:02 2010 type=SYSCALL msg=audit(1282149182.060:24): arch=c000003e syscall=87 success=no exit=-13 a0=7fff4f795fa0 a1=0 a2=4c4dfc3c a3=1 items=0 ppid=1 pid=1684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1282149182.060:24): avc: denied { write } for pid=1684 comm="setroubleshootd" name="plugins" dev=dm-0 ino=397348 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/18/2010 12:42 PM, Jurgen Kramer wrote:
On Wed, 2010-08-18 at 09:29 -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/17/2010 05:16 PM, Adam Williamson wrote:
On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
I've just did a fresh install of F14alpha RC4 to see if I could reproduce a bug. When checking /var/log/messages a see a ton of these:
Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot, dropping message
Is this a known problem?
Is that before or after applying updates?
This was before applying updates. After updating I now longer see the messages appear.
What does
#ausearch -m avc -ts recent
show?
For completeness I checked it. This only shows 'normal' AVC denied messages from my current boot up. They are all from setroubleshootd (comm="setroubleshootd"). I am not sure this is normal behavior.
They are all like (at least 20 or so):
time->Wed Aug 18 18:33:02 2010 type=SYSCALL msg=audit(1282149182.060:24): arch=c000003e syscall=87 success=no exit=-13 a0=7fff4f795fa0 a1=0 a2=4c4dfc3c a3=1 items=0 ppid=1 pid=1684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(1282149182.060:24): avc: denied { write } for pid=1684 comm="setroubleshootd" name="plugins" dev=dm-0 ino=397348 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
If this is F14, you need to make sure you have fully updated. Python2.7 changes was causing random apps to try to recompile their pyc files. This would cause the behavior you are seeing.