fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: RE: setroubleshootd dead but pid file exists

RE: setroubleshootd dead but pid file exists

From: Radha Venkatesh (radvenka) <radvenka_at_nospam>
Date: Tue Aug 31 2010 - 16:31:01 GMT
To: "Daniel J Walsh" <dwalsh@redhat.com>

Dan,

The issue persists even after

touch/.autorelabel
reboot

Also checked setroubleshoot before and after reboot, and it is labeled

>>ls -Z setroubleshoot
-rwxr-xr-x root root system_u:object_r:initrc_exec_t setroubleshoot

Thanks,
Radha.
 

-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, August 31, 2010 8:42 AM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list@redhat.com
Subject: Re: setroubleshootd dead but pid file exists

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/31/2010 11:38 AM, Radha Venkatesh (radvenka) wrote:
>
> Dan,
>
> Yes, we are seeing setroubleshoot related avc messages. Attached is
> the output of "ausearch -m avc | grep setroubleshoot".
>
> Thanks,
> Radha.
>
>
> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@redhat.com]
> Sent: Tuesday, August 31, 2010 8:24 AM
> To: Radha Venkatesh (radvenka)
> Cc: fedora-selinux-list@redhat.com
> Subject: Re: setroubleshootd dead but pid file exists
>
> On 08/31/2010 11:17 AM, Radha Venkatesh (radvenka) wrote:
>> Hi,
>
>> The problem we face is
>
>>>> service setroubleshoot status
>> setroubleshootd dead but pid file exists
>
>> We are running into Bug 480432
>> <https://bugzilla.redhat.com/show_bug.cgi?id=480432> -
>> setroubleshootd killed - apparently by selinux on our system. The
>> kernel we are running on is 2.6.18-194.el5PAE and the selinux,
>> setroubleshoot rpms being used are
>
>> libselinux-1.33.4-5.5.el5
>> selinux-policy-strict-2.4.6-279.el5
>> platform-selinux-2.0.0.0-1
>> cm-selinux-2.0.0.0-0
>> libselinux-python-1.33.4-5.5.el5
>> libselinux-utils-1.33.4-5.5.el5
>> selinux-policy-2.4.6-279.el5
>
>> setroubleshoot-server-2.0.5-5.el5
>> setroubleshoot-plugins-2.0.4-2.el5
>
>> Is there a workaround for the above issue, if we cannot go to the
>> latest kernel?
>
>> Thanks,
>> Radha.
>
>
>
>
>
>
>
>> --
>> selinux mailing list
>> selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> Are you seeing an AVC about setroubleshoot?
>
> ausearch -m avc -ts recent
>
>
> Or ausearch -m avc | grep setroubleshoot
>
Well you have setroubleshoot running as sshd_t? I think you have a
badly mislabeled system

touch /.autorelabel; reboot

And see if things start to work correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx9ItMACgkQrlYvE4MpobN91QCg52hYDUwPHXeVuMsvlBkBMF8d
7wEAn0lkY1dbtIQO/SF3/XeC7UQhkiPa
=eMjP
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux