AVC denied to rpm for rpmdb.sqlite after Fedora 33 upgrade

Sun, 01 Nov 2020 18:55:32 -0800 

Hello!

After Fedora 33 upgrade, I am getting /var/log/audit/audit.log flooded with:

type=AVC msg=audit(1604285139.996:14767): avc:  denied  { read } for  pid=5304 
comm="rpm" name="rpmdb.sqlite" dev="dm-1" ino=4194322 
scontext=system_u:system_r:setroubleshootd_t:s0 
tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0

unless I disable SELinux or wait a few minutes, at which point this appears:

type=SERVICE_STOP msg=audit(1604285483.935:64916): pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 
msg='unit=dbus-:1.15-org.fedoraproject.SetroubleshootPrivileged@0 
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1604285485.965:64917): pid=1 uid=0 auid=4294967295 
ses=4294967295 subj=system_u:system_r:init_t:s0 
msg='unit=dbus-:1.15-org.fedoraproject.Setroubleshootd@0 comm="systemd" 
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset"

And the flood in audit logs stops.

Does that mean there's a missing SELinux policy? I am thinking this is due to 
PackageKit, I noticed in dmesg that it also crashes before flooding audit logs:

[   32.587609] packagekitd[1847]: segfault at 8 ip 0000557cf86243ea sp 
00007ffe8f022040 error 4 in packagekitd[557cf8620000+28000]
[   32.587613] Code: ff ff 41 bc f4 01 00 00 eb 80 66 0f 1f 44 00 00 48 8b 45 
d0 4c 89 e1 48 8d 15 6e 3d 02 00 be 10 00 00 00 48 8d 3d 2f 3d 02 00 <4c> 8b 40 
08 31 c0 e8 6b d3 ff ff eb a3 66 0f 1f 84 00 00 00 00 00
[   43.846444] audit: audit_backlog=65 > audit_backlog_limit=64
[   43.846446] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   43.846446] audit: backlog limit exceeded
[   43.846464] audit: audit_backlog=65 > audit_backlog_limit=64
[   43.846464] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[   43.846465] audit: backlog limit exceeded
[   43.846471] audit: audit_backlog=65 > audit_backlog_limit=64
[   43.846471] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[   43.846472] audit: backlog limit exceeded
[   43.846488] audit: audit_backlog=65 > audit_backlog_limit=64
[   49.231452] audit_log_start: 620 callbacks suppressed

Thank you
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Reply via email to