selinux errors fail with obnoxious stack traces #193

@bsherman

When an SELinux violation occurs, this nasty stack trace gets printed in the journal:

Aug 24 21:50:05 ucore-vm audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.SetroubleshootPrivileged@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     result = self._handle_call(
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return handler(*parameters, **additional_args)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'

The FileNotFoundError is due to /var/lib/selinux/targeted/active/modules being missing... it SHOULD be there since selinux-policy-targeted is installed, but anything RPMs install to the /var/ filesystem is not retained... a common problem with the rpm-ostree based systems.
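
The traceback above ends in an unguarded `os.scandir` on the policy module store. The following is an added illustration, not setroubleshoot's code and not part of the issue: a scan that reports a missing store as a status instead of raising. The function name, the status strings and the `modules/<priority>/<module>/` directory layout are assumptions.

```python
import os
import tempfile


def list_policy_modules(policytype="targeted", store_root="/var/lib/selinux"):
    """Return (status, modules) for the active SELinux module store.

    status is "ok", "missing" (directory absent, the case in the traceback)
    or "unreadable" (permission or I/O error). modules maps name -> priority.
    """
    active = os.path.join(store_root, policytype, "active", "modules")
    modules = {}
    try:
        with os.scandir(active) as priorities:
            for prio in priorities:
                # Assumed layout: modules/<priority>/<module_name>/
                if not (prio.is_dir() and prio.name.isdigit()):
                    continue
                with os.scandir(prio.path) as entries:
                    for mod in entries:
                        if mod.is_dir():
                            # Keep the highest priority seen for each module name.
                            modules[mod.name] = max(int(prio.name),
                                                    modules.get(mod.name, 0))
    except FileNotFoundError:
        # An image-based system may ship the policy RPM without its /var content.
        return "missing", {}
    except OSError:
        return "unreadable", {}
    return "ok", modules


def demo():
    """Query a constructed store in a temp dir for a present and an absent policy."""
    with tempfile.TemporaryDirectory() as root:
        for prio, name in (("100", "base"), ("100", "container"), ("400", "container")):
            os.makedirs(os.path.join(root, "targeted", "active", "modules", prio, name))
        present = list_policy_modules("targeted", store_root=root)
        absent = list_policy_modules("mls", store_root=root)
    return present, absent


if __name__ == "__main__":
    print(demo())
```

Run against the real store with `list_policy_modules()`; a `"missing"` result on a host with `selinux-policy-targeted` installed matches the condition reported here.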
