Re: upss.. reason="memory violation" sig=11 => segfault htcondor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 23/05/17 13:50, Gary Tierney wrote:
CC'ing to list.  Replied directly to sender by accident.

On Tue, May 23, 2017 at 01:45:12PM +0100, Gary Tierney wrote:
Try running `semodule -DB`.  Looks like something might be dontaudited.  After
running that command reproduce your error and check the audit log using Lukas'
ausearch command.

On Tue, May 23, 2017 at 12:54:43PM +0100, lejeczek wrote:

On 23/05/17 12:07, Lukas Vrabec wrote:
On 05/23/2017 12:56 PM, lejeczek wrote:
hi fellas

I don't want to disable se, I cannot find booleans, there is no
domain
for htcondor I think.
How do I let my htcondor through?
with se:

condor_submit[29217]: segfault at 0 ip           (null) sp
00007ffd7dfa61c8

type=ANOM_ABEND msg=audit(1495536871.977:1484): auid=2501 uid=1177
gid=513 ses=63
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=1532
comm="condor_submit" reason="memory violation" sig=11

disable se and works.

many thanks.
L.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

Could you reproduce the scenario and then attach output of:
# ausearch -m AVC,USER_AVC -ts recent


Thanks,
Lukas.

hi,
ausearch as above finds nothing, with only "recent" all the grep condor
finds is that one line.
Should I include a few more lines before that condor one?
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
--
Gary Tierney

GPG fingerprint: 412C 0EF9 C305 68E6 B660  BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8

there appears to be something not audited(might be more)

module condor 1.0;

require {
    type user_tmp_t;
    type condor_schedd_t;
    class dir getattr;
}

#============= condor_schedd_t ==============
allow condor_schedd_t user_tmp_t:dir getattr;


but I see there is also condor module packaged in with default targeted. How do I expand on the default module, including what I find with dontaudit?


_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux