Hello!
After Fedora 33 upgrade, I am getting /var/log/audit/audit.log flooded with:
type=AVC msg=audit(1604285139.996:14767): avc: denied { read } for pid=5304
comm="rpm" name="rpmdb.sqlite" dev="dm-1" ino=4194322
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
unless I disable SELinux or wait a few minutes, at which point this appears:
type=SERVICE_STOP msg=audit(1604285483.935:64916): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=dbus-:1.15-org.fedoraproject.SetroubleshootPrivileged@0
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1604285485.965:64917): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=dbus-:1.15-org.fedoraproject.Setroubleshootd@0 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'UID="root" AUID="unset"
And the flood in audit logs stops.
Does that mean there's a missing SELinux policy? I am thinking this is due to
PackageKit, I noticed in dmesg that it also crashes before flooding audit logs:
[ 32.587609] packagekitd[1847]: segfault at 8 ip 0000557cf86243ea sp
00007ffe8f022040 error 4 in packagekitd[557cf8620000+28000]
[ 32.587613] Code: ff ff 41 bc f4 01 00 00 eb 80 66 0f 1f 44 00 00 48 8b 45
d0 4c 89 e1 48 8d 15 6e 3d 02 00 be 10 00 00 00 48 8d 3d 2f 3d 02 00 <4c> 8b 40
08 31 c0 e8 6b d3 ff ff eb a3 66 0f 1f 84 00 00 00 00 00
[ 43.846444] audit: audit_backlog=65 > audit_backlog_limit=64
[ 43.846446] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 43.846446] audit: backlog limit exceeded
[ 43.846464] audit: audit_backlog=65 > audit_backlog_limit=64
[ 43.846464] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[ 43.846465] audit: backlog limit exceeded
[ 43.846471] audit: audit_backlog=65 > audit_backlog_limit=64
[ 43.846471] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[ 43.846472] audit: backlog limit exceeded
[ 43.846488] audit: audit_backlog=65 > audit_backlog_limit=64
[ 49.231452] audit_log_start: 620 callbacks suppressed
Thank you
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
