selinux errors fail with obnoxious stack traces #193

Open
bsherman opened this issue Aug 24, 2024 · 1 comment · May be fixed by #194
Labels
bug Something isn't working

Comments

@bsherman
Collaborator

When an selinux violation occurs, this nasty stack trace gets printed in the journal:

Aug 24 21:50:05 ucore-vm audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.SetroubleshootPrivileged@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     result = self._handle_call(
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return handler(*parameters, **additional_args)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'

The FileNotFoundError is due to /var/lib/selinux/targeted/active/modules being missing... it SHOULD be there since selinux-policy-targeted is installed, but anything RPMs install to the /var/ filesystem is not retained... a common problem with the rpm-ostree based systems.
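
An added example, not part of the issue and not setroubleshoot's code: a scan of the module store path from the traceback that returns an empty result and logs a single warning line when the directory is absent, instead of letting `FileNotFoundError` propagate. The function names, the `root` parameter and the sample layout are assumptions made for illustration.

```python
import logging
import os
import tempfile

log = logging.getLogger("module_store_example")


def scan_module_store(policytype, root="/var/lib/selinux"):
    """Map module name -> highest priority found in the active module store.

    Returns an empty dict (and logs one warning line) when the store is
    absent, instead of letting FileNotFoundError escape as a traceback.
    """
    store = os.path.join(root, policytype, "active", "modules")
    modules = {}
    try:
        with os.scandir(store) as priorities:
            for prio in priorities:
                # Priority directories are numeric (e.g. 100, 400); skip the rest.
                if not (prio.is_dir() and prio.name.isdigit()):
                    continue
                with os.scandir(prio.path) as entries:
                    for mod in entries:
                        if mod.is_dir():
                            best = modules.get(mod.name, 0)
                            modules[mod.name] = max(int(prio.name), best)
    except FileNotFoundError:
        # The case from the journal above: the store does not exist under /var.
        log.warning("SELinux module store %s is missing; lookup skipped", store)
        return {}
    return modules


def build_sample_store(root, policytype="targeted"):
    """Create a constructed sample layout: <root>/<policytype>/active/modules/<prio>/<module>/"""
    for prio, name in (("100", "base"), ("100", "container"), ("400", "container")):
        path = os.path.join(root, policytype, "active", "modules", prio, name)
        os.makedirs(path, exist_ok=True)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING, format="%(name)s: %(message)s")
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_module_store("targeted", root=tmp))  # store missing
        build_sample_store(tmp)
        print(scan_module_store("targeted", root=tmp))  # store present
```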

@bsherman bsherman added the bug Something isn't working label Aug 24, 2024
@bsherman bsherman self-assigned this Aug 24, 2024
bsherman added a commit that referenced this issue Aug 24, 2024
Fixes: #193

It may be debatable to fix this... it is log noise, but maybe we should
leave it for a more "real" fix?

Pushing PR to get feedback.
@bsherman bsherman linked a pull request Aug 24, 2024 that will close this issue
@bsherman bsherman removed their assignment Aug 25, 2024

dosubot bot commented Nov 24, 2024

Hi, @bsherman. I'm Dosu, and I'm helping the ucore team manage their backlog. I'm marking this issue as stale.

Issue Summary

  • SELinux violation results in a lengthy stack trace in the system journal.
  • The stack trace is generated by a failure in SetroubleshootPrivileged.py.
  • The issue is considered excessive and unhelpful for users.
  • No further comments or activity have been made on this issue.

Next Steps

  • Please confirm if this issue is still relevant to the latest version of the ucore repository by commenting here.
  • If there is no further activity, this issue will be automatically closed in 14 days.

Thank you for your understanding and contribution!

@dosubot dosubot bot added the stale Issue has not had recent activity or appears to be solved. Stale issues will be automatically closed label Nov 24, 2024
@bsherman bsherman removed the stale Issue has not had recent activity or appears to be solved. Stale issues will be automatically closed label Nov 24, 2024