On Sun, 2007-09-02 at 12:54 -0400, John Dennis wrote:
> On Fri, 2007-08-31 at 23:28 +0000, Martin Ebourne wrote:
> > Just noticed a problem with my laptop fully using swap and a major
> > culprit seems to be setroubleshootd. From top it appeared to be using
> > excessive vsize:
> >
> Would you do me a favor to help diagnose this and check two things for
> me?

Sure

> 1) Do a wc on /var/lib/setroubleshoot/audit_listener_database.xml
> (you'll need to be root).

  2622   8075 124241 /var/lib/setroubleshoot/audit_listener_database.xml

This file is world readable on mine - should it not be?

-rw-r--r-- 1 root root 122K 2007-09-02 22:21 /var/lib/setroubleshoot/audit_listener_database.xml

> 2) Open the sealert browser and see if you've got any alerts with very
> high counts, or an excessive number of alerts.

32 different alerts. The highest scorers are:

230 of avc: denied { search } for comm="modprobe" dev=dm-0 egid=0 euid=0 exe="/sbin/modprobe" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root" pid=32248 scontext=user_u:system_r:insmod_t:s0 sgid=0 subj=user_u:system_r:insmod_t:s0 suid=0 tclass=dir tcontext=root:object_r:user_home_dir_t:s0 tty=pts2 uid=0

40 of avc: denied { search } for comm="sm-notify" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/sm-notify" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="root" pid=32223 scontext=user_u:system_r:rpcd_t:s0 sgid=0 subj=user_u:system_r:rpcd_t:s0 suid=0 tclass=dir tcontext=root:object_r:user_home_dir_t:s0 tty=(none) uid=0

27 of avc: denied { read, write } for comm="pickup" dev=anon_inodefs egid=0 euid=0 exe="/usr/libexec/postfix/pickup" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="[eventpoll]" path="anon_inode:[eventpoll]" pid=19768 scontext=system_u:system_r:postfix_pickup_t:s0 sgid=0 subj=system_u:system_r:postfix_pickup_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0

The rest are single digits.

Cheers,

Martin.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list