Kernel Bug Tracker – Bug 15495
Flood of SELinux denials on polkitd
Last modified: 2010-03-22 21:17:14 UTC
Created attachment 25431 [details]
Sample audit.log file filled with polkitd denials
This might be in the wrong category. I could not find a category for SELinux bugs.
When booting 2.6.34-rc1 on a Fedora 12 x86_64 system with the latest updates (as of 2010-03-08), I get a very strange behavior that was not present in vanilla 2.6.33. I see that the setroubleshootd daemon is constantly at around 16 percent CPU usage (as shown by top). In addition I see that the file /var/log/audit/audit.log , where SELinux denials are stored, grows to around 5 MB repeatedly and then gets truncated, over and over. A sample of the audit.log is attached. I see that all of the messages are about polkitd.
Steps to reproduce:
1) Compile 2.6.34-rc1 with attached configuration.
2) Reboot with 2.6.34-rc1 and Fedora 12 x86_64
3) Watch CPU usage and size of audit.log
System (even in idle state) gets around 16 percent activity from setroubleshootd and audit.log fills itself with polkitd denials.
setroubleshootd should remain dormant and audit.log should stay static, in idle state.
Created attachment 25432 [details]
Configuration used to compile faulty kernel
Fixed in 2.6.34-rc2.
Fixed by commit 3836a03d978e68b0ae00d3589089343c998cd4ff .