I'll jump in here to say we'll try your suggestion, but I guess what's not been mentioned is that we get the setroubleshoot abrt's only a few times a day, but we're getting 10000s of setroubleshoot messages in /var/log/messages a day.

e.g.

Dec 2 10:03:55 server audispd: queue is full - dropping event
Dec 2 10:04:00 server audispd: last message repeated 199 times
Dec 2 10:04:00 server rsyslogd-2177: imuxsock begins to drop messages from pid 5967 due to rate-limiting
Dec 2 10:04:01 server rsyslogd-2177: imuxsock lost 2 messages from pid 5967 due to rate-limiting
Dec 2 10:04:01 server audispd: queue is full - dropping event
Dec 2 10:04:02 server audispd: last message repeated 134 times
Dec 2 10:04:02 server setroubleshoot: SELinux is preventing /bin/ps from read access on the file /proc/<pid>/stat. For complete SELinux messages. run sealert -l 2274b1c7-fd69-4fa8-8e67-cd7a9da9eff4
Dec 2 10:04:02 server audispd: queue is full - dropping event
Dec 2 10:04:03 server audispd: last message repeated 48 times
Dec 2 10:04:03 server setroubleshoot: SELinux is preventing /bin/ps from getattr access on the directory /proc/<pid>. For complete SELinux messages. run sealert -l 2d09d555-8834-4c27-976b-6647f8673286
Dec 2 10:04:03 server audispd: queue is full - dropping event
Dec 2 10:04:03 server audispd: last message repeated 15 times
Dec 2 10:04:03 server rsyslogd-2177: imuxsock begins to drop messages from pid 5967 due to rate-limiting
Dec 2 10:04:03 server setroubleshoot: SELinux is preventing /bin/ps from search access on the directory /proc/<pid>/stat. For complete SELinux messages. run sealert -l 0ef0c7a1-acb2-433a-aaa2-361cc95b6069
Dec 2 10:04:04 server setroubleshoot: last message repeated 2 times
Dec 2 10:04:04 server setroubleshoot: SELinux is preventing /bin/ps from getattr access on the directory /proc/<pid>. For complete SELinux messages. run sealert -l 58f859b0-7382-428e-81f0-3e85f66d79fc
Dec 2 10:04:04 server setroubleshoot: SELinux is preventing /bin/ps from search access on the directory /proc/<pid>/stat. For complete SELinux messages. run sealert -l 2448a46d-5089-4f85-aae8-e9013341471f
Dec 2 10:04:05 server setroubleshoot: last message repeated 2 times
Dec 2 10:04:05 server setroubleshoot: SELinux is preventing /bin/ps from getattr access on the directory /proc/<pid>. For complete SELinux messages. run sealert -l f935416b-54fe-4bbd-b66c-2e1b2e6724be
Dec 2 10:04:06 server setroubleshoot: SELinux is preventing /bin/ps from search access on the directory /proc/<pid>/stat. For complete SELinux messages. run sealert -l d8dbf973-7bc2-4fd5-9540-18c4040be03c
Dec 2 10:04:06 server setroubleshoot: last message repeated 2 times
Dec 2 10:04:06 server sedispatch: AVC Message for setroubleshoot, dropping message
Dec 2 10:04:06 server sedispatch: last message repeated 3 times

Cheers,

John

On 1 December 2014 at 17:19, Daniel J Walsh <dwalsh at redhat.com> wrote:

> On 12/01/2014 10:39 AM, Gary Smithson wrote:
> > We are currently running libxml2-2.7.6-14.el6_5.2.x86_64
> >
> > How far back would you suggest we go? would libxml2-2.7.6-14.el6_5.1.x86_64 be sufficient
> Ok might not be related. One other suggestion would be to clear the database out. And see if there was something in the database that was causing it problems.
>
> Make sure there is no setroubleshootd running and
>
> >/var/lib/setroubleshoot/setroubleshoot_database.xml
>
> > -----Original Message-----
> > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Daniel J Walsh
> > Sent: 01 December 2014 15:10
> > To: CentOS mailing list
> > Subject: Re: [CentOS] SEtroubleshootd Crashing
> >
> > I am not sure. I was just seeing email on this today. Could you try to downgrade the latest version of libxml to see if the problem goes away.
> >
> > On 12/01/2014 10:01 AM, Gary Smithson wrote:
> >> Thanks
> >>
> >> Could you please clarify, which version libxml is broken and has there been a newer version released that will fix it.
> >>
> >> -----Original Message-----
> >> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Daniel J Walsh
> >> Sent: 01 December 2014 14:58
> >> To: CentOS mailing list
> >> Subject: Re: [CentOS] SEtroubleshootd Crashing
> >>
> >> This seems to be a problem with an updated version of libxml.
> >> On 11/28/2014 09:04 AM, Gary Smithson wrote:
> >>> When running Node.js through Phusion Passenger on Centos 6.5 (Linux 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux), with SELinux enabled in permissive mode we receive a large number of entries in the audit.log and setroubleshootd randomly crashes with the following error, We have resolved the selinux alerts by following the troubleshooting steps recommended by running sealert, However we are concerned by setroubleshootd crashing and are concerned that we may have masked the issue by fixing the entries in the audit.log.
> >>>
> >>> abrt_version: 2.0.8
> >>> cmdline: /usr/bin/python -Es /usr/sbin/setroubleshootd -f ''
> >>> executable: /usr/sbin/setroubleshootd
> >>> kernel: 2.6.32-431.23.3.el6.x86_64
> >>> last_occurrence: 1417101625
> >>> time: Thu 27 Nov 2014 03:20:25 PM UTC
> >>> uid: 0
> >>> username: root
> >>>
> >>> sosreport.tar.xz: Binary file, 3642240 bytes
> >>>
> >>> backtrace:
> >>> :analyze.py:426:lookup_signature:ProgramError: [Errno 1001] signature not found
> >>> :
> >>> :Traceback (most recent call last):
> >>> :  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 401, in auto_save_callback
> >>> :    self.save()
> >>> :  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 377, in save
> >>> :    self.prune()
> >>> :  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 340, in prune
> >>> :    self.delete_signature(sig, prune=True)
> >>> :  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 471, in delete_signature
> >>> :    siginfo = self.lookup_signature(sig)
> >>> :  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 426, in lookup_signature
> >>> :    raise ProgramError(ERR_NO_SIGNATURE_MATCH)
> >>> :ProgramError: [Errno 1001] signature not found
> >>> :
> >>> :Local variables in innermost frame:
> >>> :matches: []
> >>> :siginfo: None
> >>> :self: <setroubleshoot.analyze.SETroubleshootDatabase object at 0x151d590>
> >>> :sig: <setroubleshoot.signature.SEFaultSignature object at 0x645a050>
> >>>
> >>> We are running the following versions Passenger/httpd/node
> >>>
> >>> passenger --version
> >>> Phusion Passenger version 4.0.53
> >>>
> >>> httpd -v
> >>> Server version: Apache/2.2.15 (Unix)
> >>> Server built: Jul 23 2014 14:17:29
> >>>
> >>> node -v
> >>> v0.10.32
> >>>
> >>> This email is from the Press Association. For more information, see www.pressassociation.com. This email may contain confidential information. Only the addressee is permitted to read, copy, distribute or otherwise use this email or any attachments. If you have received it in error, please contact the sender immediately. Any opinion expressed in this email is personal to the sender and may not reflect the opinion of the Press Association. Any email reply to this address may be subject to interception or monitoring for operational reasons or for lawful business practices.
> >>> _______________________________________________
> >>> CentOS mailing list
> >>> CentOS at centos.org
> >>> http://lists.centos.org/mailman/listinfo/centos

--
John Beranek                         To generalise is to be an idiot.
http://redux.org.uk/                                 -- William Blake

Could you send me a copy of your audit.log.

You should not be getting hundreds of AVC's a day.

ausearch -m avc,user_avc -ts today

On 12/02/2014 05:08 AM, John Beranek wrote:
> I'll jump in here to say we'll try your suggestion, but I guess what's not been mentioned is that we get the setroubleshoot abrt's only a few times a day, but we're getting 10000s of setroubleshoot messages in /var/log/messages a day.

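
Added example, not part of the original thread: a small Python tally that puts numbers on the flood in the /var/log/messages excerpt by grouping setroubleshoot alerts per (source, access, class, target) and counting what audispd, rsyslog and sedispatch report dropping. The function names and the rule that a "last message repeated N times" line is credited to the previous message from the same program are assumptions of this example; the sample is a subset of the lines quoted in the thread.

```python
import re
import sys
from collections import Counter

# Constructed sample: a subset of the /var/log/messages lines quoted in the thread.
SAMPLE = """\
Dec 2 10:03:55 server audispd: queue is full - dropping event
Dec 2 10:04:00 server audispd: last message repeated 199 times
Dec 2 10:04:01 server rsyslogd-2177: imuxsock lost 2 messages from pid 5967 due to rate-limiting
Dec 2 10:04:02 server setroubleshoot: SELinux is preventing /bin/ps from read access on the file /proc/<pid>/stat. For complete SELinux messages. run sealert -l 2274b1c7-fd69-4fa8-8e67-cd7a9da9eff4
Dec 2 10:04:03 server setroubleshoot: SELinux is preventing /bin/ps from search access on the directory /proc/<pid>/stat. For complete SELinux messages. run sealert -l 0ef0c7a1-acb2-433a-aaa2-361cc95b6069
Dec 2 10:04:04 server setroubleshoot: last message repeated 2 times
Dec 2 10:04:06 server sedispatch: AVC Message for setroubleshoot, dropping message
Dec 2 10:04:06 server sedispatch: last message repeated 3 times
"""

# Classic syslog layout: "Mon D HH:MM:SS host prog[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+([^\s:\[]+)(?:\[\d+\])?:\s+(.*)$")
REPEAT = re.compile(r"last message repeated (\d+) times")
DENIAL = re.compile(
    r"SELinux is preventing (\S+) from (.+?) access on the (\S+) (\S+?)\.(?:\s|$)")
RSYSLOG_LOST = re.compile(r"imuxsock lost (\d+) messages from pid \d+")


def classify(prog, msg):
    """Map one message to (bucket, key, weight), or None if it is not counted."""
    if prog == "setroubleshoot":
        m = DENIAL.match(msg)
        if m:
            source, access, tclass, target = m.groups()
            # Collapse per-process paths so /proc/1234/stat and /proc/<pid>/stat merge.
            target = re.sub(r"^/proc/\d+", "/proc/<pid>", target)
            return ("denials", (source, access, tclass, target), 1)
    elif prog == "audispd" and msg.startswith("queue is full"):
        return ("lost", "audispd queue full", 1)
    elif prog == "sedispatch" and "dropping message" in msg:
        return ("lost", "sedispatch dropped AVC", 1)
    elif prog.startswith("rsyslogd"):
        m = RSYSLOG_LOST.match(msg)
        if m:
            return ("lost", "rsyslog imuxsock rate-limit", int(m.group(1)))
    return None


def summarize(text):
    """Return (denials, lost) Counters for a block of syslog text."""
    counts = {"denials": Counter(), "lost": Counter()}
    last = {}  # program -> last counted message, used to credit "repeated N times"
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        prog, msg = line.groups()
        rep = REPEAT.match(msg)
        if rep:
            if prog in last:
                bucket, key, weight = last[prog]
                counts[bucket][key] += int(rep.group(1)) * weight
            continue
        hit = classify(prog, msg)
        if hit:
            bucket, key, weight = hit
            counts[bucket][key] += weight
            last[prog] = hit
        else:
            # An uncounted message breaks the repeat chain for this program.
            last.pop(prog, None)
    return counts["denials"], counts["lost"]


if __name__ == "__main__":
    # Pass a path such as /var/log/messages, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    denials, lost = summarize(text)
    for (source, access, tclass, target), n in denials.most_common(10):
        print(f"{n:6d}  {source} {access} {tclass} {target}")
    for stage, n in lost.most_common():
        print(f"{n:6d}  dropped: {stage}")
```

Because audispd, rsyslog and sedispatch are all discarding messages here, the alert counts from syslog are a lower bound; the `ausearch -m avc,user_avc -ts today` output Dan asks for, read from audit.log, is the fuller record.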
Mark: Labels look OK, restorecon has nothing to do, and:

-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps
dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc

I'll send the audit log on to Dan.

Cheers,

John

On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote:

> Could you send me a copy of your audit.log.
>
> You should not be getting hundreds of AVC's a day.
>
> ausearch -m avc,user_avc -ts today

--
John Beranek                         To generalise is to be an idiot.
http://redux.org.uk/                                 -- William Blake