fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: setroubleshootd dead but pid file exists

Re: setroubleshootd dead but pid file exists

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Tue Aug 31 2010 - 15:42:12 GMT
To: "Radha Venkatesh (radvenka)" <radvenka@cisco.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/31/2010 11:38 AM, Radha Venkatesh (radvenka) wrote:
>
> Dan,
>
> Yes, we are seeing setroubleshoot related avc messages. Attached is the
> output of "ausearch -m avc | grep setroubleshoot".
>
> Thanks,
> Radha.
>
>
> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@redhat.com]
> Sent: Tuesday, August 31, 2010 8:24 AM
> To: Radha Venkatesh (radvenka)
> Cc: fedora-selinux-list@redhat.com
> Subject: Re: setroubleshootd dead but pid file exists
>
> On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
>> Hi,
>
>> The problem we face is
>
>>>> service setroubleshoot status
>> setroubleshootd dead but pid file exists
>
>> We are running into Bug 480432
>> <https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
>> setroubleshootd killed - apparently by selinux on our system. The
>> kernel we are running on is 2.6.18-194.el5PAE and the selinux,
>> setroubleshoot rpms being used are
>
>> libselinux-1.33.4-5.5.el5
>> selinux-policy-strict-2.4.6-279.el5
>> platform-selinux-2.0.0.0-1
>> cm-selinux-2.0.0.0-0
>> libselinux-python-1.33.4-5.5.el5
>> libselinux-utils-1.33.4-5.5.el5
>> selinux-policy-2.4.6-279.el5
>
>> setroubleshoot-server-2.0.5-5.el5
>> setroubleshoot-plugins-2.0.4-2.el5
>
>> Is there a workaround for the above issue, if we cannot go to the
>> latest kernel?
>
>> Thanks,
>> Radha.
>
>
>
>
>
>
>
>> --
>> selinux mailing list
>> selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> Are you seeing an AVC about setroubleshoot?
>
> ausearch -m avc -ts recent
>
>
> Or ausearch -m avc | grep setroubleshoot
>
Well you have setroubleshoot running as sshd_t? I think you have a
badly mislabeled system

touch /.autorelabel; reboot

And see if things start to work correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx9ItMACgkQrlYvE4MpobN91QCg52hYDUwPHXeVuMsvlBkBMF8d
7wEAn0lkY1dbtIQO/SF3/XeC7UQhkiPa
=eMjP
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux