[02/12 FAILURE] LTPÅ File Capabilities tests becomes defunct and does not complete beyond 12 hours

[Subrata M. <su...@li...>]

Subject: LTPś File Capabilities tests becomes defunct and does not complete beyond 12 hours

Issues Description Below:
===================================
I know Serge and Garret is already working on them and a considerable fix
is already in the pipeline.

# ./runltp -f filecaps
<<<test_start>>>
tag=Filecaps stime=1271951563
cmdline="filecapstest.sh"
contacts=""
analysis=exit
<<<test_output>>>
Running in:
cap_sys_admin tests
testing for correct caps
...
The test hangs here for more than 12 hours.

Following are various info about the processes running this test:
[root@alien5 ltp]# ps ajxf 
1608  1724  1608  1458 ?           -1 S        0   0:00  \_
/opt/ltp/bin/ltp-pan -e -S -a 1608 -n 1608 -p -f /tmp/ltp-71wskF3epE/alltests
-l /opt/ltp/results/LTP_RUN_ON-20
1724 30311 30311  1458 ?           -1 S        0   0:00      \_ /bin/sh
/opt/ltp/testcases/bin/filecapstest.sh
30311 30315 30311  1458 ?           -1 S        0   0:00          \_
verify_caps_exec 1
30315 30316 30311  1458 ?           -1 Z     1000   0:00              \_
[verify_caps_exe] <defunct>

STRACE on the PIDs does not show anything:
[root@alien5 ltp]# strace -p 30425
Process 30425 attached - interrupt to quit
waitpid(-1, ^C <unfinished ...>
Process 30425 detached
[root@alien5 ltp]# strace -p 30429
Process 30429 attached - interrupt to quit
open("caps_fifo", O_RDONLY^C <unfinished ...>
Process 30429 detached
[root@alien5 ltp]# strace -p 30430
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted

[root@alien5 ltp]# getenforce
Permissive
[root@alien5 ltp]# tail -f /var/log/messages
2010-04-21T18:00:15.752320+05:18 alien5 setroubleshoot: SELinux is preventing
/sbin/rsyslogd access to a leaked/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output file descriptor. For
complete SELinux messages. run sealert -l 894e0d2d-23c3-45d1-9108-71ad97f5a45e
2010-04-21T18:00:15.794214+05:18 alien5 setroubleshoot: SELinux is preventing
/sbin/rsyslogd access to a leaked
/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output file descriptor. For
complete SELinux messages. run sealert -l 894e0d2d-23c3-45d1-9108-71ad97f5a45e
2010-04-21T18:00:15.823557+05:18 alien5 setroubleshoot: SELinux is preventing
/sbin/rsyslogd access to a leaked
/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output file descriptor. For
complete SELinux messages. run sealert -l 894e0d2d-23c3-45d1-9108-71ad97f5a45e
2010-04-21T18:00:17.721361+05:18 alien5 syslogtst: syslogtst:10 error level is
logged
Apr 21 18:00:19 alien5 kernel: imklog 4.4.2, log source = /proc/kmsg started.
Apr 21 18:00:19 alien5 rsyslogd: [origin software="rsyslogd" swVersion="4.4.2"
x-pid="2165" x-info="http://www.rsyslog.com"] (re)start
Apr 21 18:00:20 alien5 setroubleshoot: SELinux is preventing /sbin/rsyslogd
access to a leaked /opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output
file descriptor. For complete SELinux messages. run sealert -l
894e0d2d-23c3-45d1-9108-71ad97f5a45e
Apr 21 18:00:20 alien5 setroubleshoot: SELinux is preventing /sbin/rsyslogd
access to a leaked /opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output
file descriptor. For complete SELinux messages. run sealert -l
894e0d2d-23c3-45d1-9108-71ad97f5a45e
Apr 21 18:00:20 alien5 setroubleshoot: SELinux is preventing /sbin/rsyslogd
access to a leaked /opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output
file descriptor. For complete SELinux messages. run sealert -l
894e0d2d-23c3-45d1-9108-71ad97f5a45e

So, i executed the following command:
[root@alien5 ltp]# sealert -l 894e0d2d-23c3-45d1-9108-71ad97f5a45e
exception when creating syslog handler: [Errno 2] No such file or directory
Summary:
SELinux is preventing /sbin/rsyslogd access to a leaked
/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output file descriptor.

Detailed Description:

[rsyslogd has a permissive type (syslogd_t). This access was not denied.]

SELinux denied access requested by the rsyslogd command. It looks like this is
either a leaked descriptor or rsyslogd output was redirected to a file it is
not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output. You should
generate a bugzilla on selinux-policy, and it will get routed to the
appropriate
package. You can safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                unconfined_u:system_r:syslogd_t:s0
Target Context                unconfined_u:object_r:usr_t:s0
Target Objects                /opt/ltp/output/LTP_RUN_ON-
                              2010_Apr_21-17h_51m_22s.output [ file ]
Source                        rsyslogd
Source Path                   /sbin/rsyslogd
Port                          <Unknown>
Host                          
Source RPM Packages           rsyslog-4.4.2-6.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.15-4.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     
Platform                      Linux 
                              2.6.33.1-19.fc13.ppc64 #1 SMP Tue Mar 23 06:32:38
                              EDT 2010 ppc64 ppc64
Alert Count                   186
First Seen                    Tue Apr 20 23:55:40 2010
Last Seen                     Wed Apr 21 18:00:19 2010
Local ID                      894e0d2d-23c3-45d1-9108-71ad97f5a45e
Line Numbers                  

Raw Audit Messages            

node= type=AVC msg=audit(1271853019.957:317): avc: 
denied  { append } for  pid=2164 comm="rsyslogd"
path="/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.output" dev=sda3
ino=1188363 scontext=unconfined_u:system_r:syslogd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file

node= type=AVC msg=audit(1271853019.957:317): avc: 
denied  { append } for  pid=2164 comm="rsyslogd"
path="/opt/ltp/results/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.log" dev=sda3
ino=1188362 scontext=unconfined_u:system_r:syslogd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file

node= type=AVC msg=audit(1271853019.957:317): avc: 
denied  { append } for  pid=2164 comm="rsyslogd"
path="/opt/ltp/output/LTP_RUN_ON-2010_Apr_21-17h_51m_22s.failed" dev=sda3
ino=1188364 scontext=unconfined_u:system_r:syslogd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file

node= type=SYSCALL msg=audit(1271853019.957:317):
arch=14 syscall=11 success=yes exit=0 a0=1026c900 a1=1026b5b0 a2=1026b640
a3=1026b5a8 items=0 ppid=2163 pid=2164 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="rsyslogd" exe="/sbin/rsyslogd"
subj=unconfined_u:system_r:syslogd_t:s0 key=(null)

Regards--
Subrata