F14 alpha RC4: tons of sedispatch: AVC Message for setroubleshoot, dropping messages?
Jurgen Kramer
gtmkramer at xs4all.nl
Wed Aug 18 16:42:25 UTC 2010
On Wed, 2010-08-18 at 09:29 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/17/2010 05:16 PM, Adam Williamson wrote:
> > On Tue, 2010-08-17 at 19:56 +0200, Jurgen Kramer wrote:
> >> I've just did a fresh install of F14alpha RC4 to see if I could
> >> reproduce a bug. When checking /var/log/messages a see a ton of these:
> >>
> >> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
> >> dropping message
> >> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
> >> dropping message
> >> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
> >> dropping message
> >> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
> >> dropping message
> >> Aug 17 19:45:49 f14alpha-rc4 sedispatch: AVC Message for setroubleshoot,
> >> dropping message
> >>
> >> Is this a known problem?
> >
> > Is that before or after applying updates?
This was before applying updates. After updating I now longer see the
messages appear.
>
> What does
>
> #ausearch -m avc -ts recent
>
> show?
For completeness I checked it. This only shows 'normal' AVC denied
messages from my current boot up. They are all from setroubleshootd
(comm="setroubleshootd"). I am not sure this is normal behavior.
They are all like (at least 20 or so):
----
time->Wed Aug 18 18:33:02 2010
type=SYSCALL msg=audit(1282149182.060:24): arch=c000003e syscall=87
success=no exit=-13 a0=7fff4f795fa0 a1=0 a2=4c4dfc3c a3=1 items=0 ppid=1
pid=1684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd"
exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
key=(null)
type=AVC msg=audit(1282149182.060:24): avc: denied { write } for
pid=1684 comm="setroubleshootd" name="plugins" dev=dm-0 ino=397348
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=dir
More information about the test
mailing list