Bug 15495

Summary: Flood of SELinux denials on polkitd
Product: Drivers Reporter: Alex Villacis Lasso (avillaci)
Component: OtherAssignee: drivers_other
Severity: normal CC: maciej.rutecki, rjw
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.34-rc1 Tree: Mainline
Regression: Yes
Bug Depends on:    
Bug Blocks: 15310    
Attachments: Sample audit.log file filled with polkitd denials
Configuration used to compile faulty kernel

Description Alex Villacis Lasso 2010-03-09 16:47:16 UTC
Created attachment 25431 [details]
Sample audit.log file filled with polkitd denials

This might be in the wrong category. I could not find a category for SELinux bugs.

When booting 2.6.34-rc1 on a Fedora 12 x86_64 system with the latest updates (as of 2010-03-08), I get a very strange behavior that was not present in vanilla 2.6.33. I see that the setroubleshootd daemon is constantly at around 16 percent CPU usage (as shown by top). In addition I see that the file /var/log/audit/audit.log , where SELinux denials are stored, grows to around 5 MB repeatedly and then gets truncated, over and over. A sample of the audit.log is attached. I see that all of the messages are about polkitd.

Steps to reproduce:
1) Compile 2.6.34-rc1 with attached configuration.
2) Reboot with 2.6.34-rc1 and Fedora 12 x86_64
3) Watch CPU usage and size of audit.log

Actual results:
System (even in idle state) gets around 16 percent activity from setroubleshootd and audit.log fills itself with polkitd denials.

Expected results:
setroubleshootd should remain dormant and audit.log should stay static, in idle state.
Comment 1 Alex Villacis Lasso 2010-03-09 16:47:46 UTC
Created attachment 25432 [details]
Configuration used to compile faulty kernel
Comment 2 Alex Villacis Lasso 2010-03-22 19:37:12 UTC
Fixed in 2.6.34-rc2.
Comment 3 Rafael J. Wysocki 2010-03-22 21:17:14 UTC
Fixed by commit 3836a03d978e68b0ae00d3589089343c998cd4ff .