Another selinux rant
John Dennis
jdennis at redhat.com
Mon Jan 7 16:50:57 UTC 2008
Ralf Corsepius wrote:
>> And have you done with this bug what I'm sure we all know we are
>> supposed to do with bugs we find? :P
> Done right now.
>
> This morning's reboot gave me another opportunity to take a somewhat
> deeper look ;)
>
> https://bugzilla.redhat.com/show_bug.cgi?id=427721
Thank you Ralf, following up with a bugzilla is very much appreciated.
The key to diagnosing the problem is right there in the syslog:
setroubleshoot: [program.ERROR] Can not handle AVC'S related to the
dispatcher. exiting
tcontext=unconfined_u:system_r:setroubleshootd_t:s0
scontext=unconfined_u:system_r:setroubleshootd_t:s0
This means setroubleshootd saw an AVC that it generated itself. This
should never happen and to prevent infinite recursion the daemon shuts
down. This is most likely due to a policy bug. There were some known
policy bugs early in F8 (before GOLD) related to setroubleshoot but
those should have been fixed. Is your policy up to date?
--
John Dennis <jdennis at redhat.com>
More information about the devel
mailing list