Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

selinux errors fail with obnoxious stack traces #193

Open
bsherman opened this issue Aug 24, 2024 · 0 comments · May be fixed by #194
Open

selinux errors fail with obnoxious stack traces #193

bsherman opened this issue Aug 24, 2024 · 0 comments · May be fixed by #194
Labels
bug Something isn't working

Comments

@bsherman
Copy link
Collaborator

when an selinux violation occurs this nasty stack trace gets printed in the journal:

Aug 24 21:50:05 ucore-vm audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.SetroubleshootPrivileged@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     result = self._handle_call(
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return handler(*parameters, **additional_args)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'

The FileNotFoundError is due to /var/lib/selinux/targeted/active/modules being missing... it SHOULD be there since selinux-policy-targeted is installed, but anything RPMs install to the /var/ filesystem is not retained... a common problem with the rpm-ostree based systems.
@bsherman bsherman added the bug Something isn't working label Aug 24, 2024
@bsherman bsherman self-assigned this Aug 24, 2024
bsherman added a commit that referenced this issue Aug 24, 2024
@bsherman
fix: cleanup journal noise for selinux errors
8b77b36 
Fixes: #193

It may be debatable to fix this... it is log noise, but maybe we should
leave it for a more "real" fix?

Pushing PR to get feedback.
@bsherman bsherman linked a pull request Aug 24, 2024 that will close this issue
Open
@bsherman bsherman removed their assignment Aug 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: cleanup journal noise for selinux errors ublue-os/ucore
1 participant
@bsherman