ucore icon indicating copy to clipboard operation
ucore copied to clipboard

Published 20 hours ago verified publisher icon ublue-os

selinux errors fail with obnoxious stack traces

Open bsherman opened this issue 6 months ago • 0 comments

when an selinux violation occurs this nasty stack trace gets printed in the journal:

Aug 24 21:50:05 ucore-vm audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.SetroubleshootPrivileged@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     result = self._handle_call(
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return handler(*parameters, **additional_args)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'

The FileNotFoundError is due to /var/lib/selinux/targeted/active/modules being missing... it SHOULD be there since selinux-policy-targeted is installed, but anything RPMs install to the /var/ filesystem is not retained... a common problem with the rpm-ostree based systems.

bsherman avatar Aug 24 '24 22:08 bsherman