On Mon, 2017-12-04 at 10:44 -0500, Stephen Smalley wrote:
> On Mon, 2017-12-04 at 15:15 +0530, Aman Sharma wrote:
> > Hi All,
> >
> > I am seeing a number of su core files after a fresh install of a
> > CentOS 7 machine. In this particular case I have found 622 core files.
> > The backtrace is given below.
> >
> > Reading symbols from /usr/bin/su...Reading symbols from /usr/bin/su...(no debugging symbols found)...done.
> > (no debugging symbols found)...done.
> > [New LWP 15427]
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > Core was generated by `su - informix -c source /usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'.
> > Program terminated with signal 6, Aborted.
> > #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
> >
> > ====================================
> > backtrace
> > ===================================
> > #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
> > #1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6
> > #2 0x00007f74f1093146 in __assert_fail_base () from /lib64/libc.so.6
> > #3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6
> > #4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from /lib64/libselinux.so.1
> > #5 0x00007f74e9ed46e5 in avc_context_to_sid () from /lib64/libselinux.so.1
> > #6 0x00007f74e9ed83ad in selinux_check_access () from /lib64/libselinux.so.1
> > #7 0x00007f74ea0f4d76 in check_for_root () from /lib/security/../../lib64/security/pam_rootok.so
> > #8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0
> > #9 0x00007f74f162c7e0 in pam_authenticate () from /lib64/libpam.so.0
> > #10 0x00007f74f1a5f857 in su_main ()
> > #11 0x00007f74f1086b35 in __libc_start_main () from /lib64/libc.so.6
> > #12 0x00007f74f1a5e890 in _start ()
> > ====================================
> >
> > From the backtrace logs, it looks like the crash is related to SELinux.
> > Can anybody please help me with this? Why is it crashing?
>
> Implication is that pam_rootok passed a NULL context to
> selinux_check_access(). Which would be a bug in pam. What does
> sestatus -v show for this machine?

Sorry, I'm wrong; the assert is on avc_running, which implies that the
AVC wasn't initialized. sestatus -v would still be useful. Also rpm -q
libselinux.
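
With 622 cores to go through, it helps to confirm mechanically that they all abort at the same assertion. The following is an added example, not part of the original thread: it parses gdb `bt` text (the frames are copied from the message above), skips the glibc frames that only deliver the abort, and returns the frame that owns the failed assert plus a short signature for grouping cores. The function names `parse_frames`, `asserting_frame` and `signature` are hypothetical helpers.

```python
import re

# Frames copied from the backtrace quoted in the thread above.
BACKTRACE = """\
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
#1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6
#2 0x00007f74f1093146 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from /lib64/libselinux.so.1
#5 0x00007f74e9ed46e5 in avc_context_to_sid () from /lib64/libselinux.so.1
#6 0x00007f74e9ed83ad in selinux_check_access () from /lib64/libselinux.so.1
#7 0x00007f74ea0f4d76 in check_for_root () from /lib/security/../../lib64/security/pam_rootok.so
#8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0
#9 0x00007f74f162c7e0 in pam_authenticate () from /lib64/libpam.so.0
#10 0x00007f74f1a5f857 in su_main ()
#11 0x00007f74f1086b35 in __libc_start_main () from /lib64/libc.so.6
#12 0x00007f74f1a5e890 in _start ()
"""

# "#N [0xADDR in ]FUNC (args)[ from LIB]"; the address is absent on some frames.
FRAME_RE = re.compile(
    r"^#(\d+)[ \t]+(?:0x[0-9a-f]+[ \t]+in[ \t]+)?(\S+)[ \t]+\(.*?\)"
    r"(?:[ \t]+from[ \t]+(\S+))?", re.M)

# glibc frames that only deliver the abort; the next frame up owns the assert.
ABORT_PATH = {"raise", "gsignal", "abort", "__assert_fail_base", "__assert_fail"}

def parse_frames(text):
    """Return [(index, function, library or None), ...] from gdb 'bt' output."""
    return [(int(n), fn, lib or None) for n, fn, lib in FRAME_RE.findall(text)]

def asserting_frame(frames):
    """Frame whose assert() fired, or None if the abort was not an assert."""
    if not any(fn == "__assert_fail" for _, fn, _ in frames):
        return None
    return next((f for f in frames if f[1] not in ABORT_PATH), None)

def signature(frames, depth=4):
    """Grouping key: the asserting function followed by its nearest callers."""
    top = asserting_frame(frames)
    if top is None:
        return None
    i = frames.index(top)
    return " <- ".join(fn for _, fn, _ in frames[i:i + depth])

if __name__ == "__main__":
    frames = parse_frames(BACKTRACE)
    print(asserting_frame(frames))
    print(signature(frames))
```

Feeding each core's `bt` output through `signature` and counting distinct keys shows whether every crash is the same `avc_context_to_sid_raw` assert reached through `pam_rootok`.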