[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another selinux rant



Ralf Corsepius wrote:
And have you done with this bug what I'm sure we all know we are supposed to do with bugs we find? :P
Done right now.
This morning's reboot gave me another opportunity to take a somewhat
deeper look ;)

https://bugzilla.redhat.com/show_bug.cgi?id=427721

Thank you Ralf, following up with a bugzilla is very much appreciated. The key to diagnosing the problem is right there in the syslog:

setroubleshoot: [program.ERROR] Can not handle AVC'S related to the dispatcher. exiting

tcontext=unconfined_u:system_r:setroubleshootd_t:s0 scontext=unconfined_u:system_r:setroubleshootd_t:s0

This means setroubleshootd saw an AVC that it generated itself. This should never happen and to prevent infinite recursion the daemon shuts down. This is most likely due to a policy bug. There were some known policy bugs early in F8 (before GOLD) related to setroubleshoot but those should have been fixed. Is your policy up to date?

--
John Dennis <jdennis redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]