Bug 15495 - Flood of SELinux denials on polkitd
Summary: Flood of SELinux denials on polkitd
Status: CLOSED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_other
URL:
Keywords:
Depends on:
Blocks: 15310
  Show dependency tree
 
Reported: 2010-03-09 16:47 UTC by Alex Villacis Lasso
Modified: 2010-03-22 21:17 UTC (History)
2 users (show)

See Also:
Kernel Version: 2.6.34-rc1
Subsystem:
Regression: Yes
Bisected commit-id:


Attachments
Sample audit.log file filled with polkitd denials (144.14 KB, text/plain)
2010-03-09 16:47 UTC, Alex Villacis Lasso
Details
Configuration used to compile faulty kernel (94.26 KB, text/plain)
2010-03-09 16:47 UTC, Alex Villacis Lasso
Details

Description Alex Villacis Lasso 2010-03-09 16:47:16 UTC
Created attachment 25431 [details]
Sample audit.log file filled with polkitd denials

This might be in the wrong category. I could not find a category for SELinux bugs.

When booting 2.6.34-rc1 on a Fedora 12 x86_64 system with the latest updates (as of 2010-03-08), I get a very strange behavior that was not present in vanilla 2.6.33. I see that the setroubleshootd daemon is constantly at around 16 percent CPU usage (as shown by top). In addition I see that the file /var/log/audit/audit.log , where SELinux denials are stored, grows to around 5 MB repeatedly and then gets truncated, over and over. A sample of the audit.log is attached. I see that all of the messages are about polkitd.

Steps to reproduce:
1) Compile 2.6.34-rc1 with attached configuration.
2) Reboot with 2.6.34-rc1 and Fedora 12 x86_64
3) Watch CPU usage and size of audit.log

Actual results:
System (even in idle state) gets around 16 percent activity from setroubleshootd and audit.log fills itself with polkitd denials.

Expected results:
setroubleshootd should remain dormant and audit.log should stay static, in idle state.
Comment 1 Alex Villacis Lasso 2010-03-09 16:47:46 UTC
Created attachment 25432 [details]
Configuration used to compile faulty kernel
Comment 2 Alex Villacis Lasso 2010-03-22 19:37:12 UTC
Fixed in 2.6.34-rc2.
Comment 3 Rafael J. Wysocki 2010-03-22 21:17:14 UTC
Fixed by commit 3836a03d978e68b0ae00d3589089343c998cd4ff .

Note You need to log in before you can comment on or make changes to this bug.