View Issue Details

IDProjectCategoryView StatusLast Update
0015210CentOS-7setroubleshootpublic2018-10-01 05:01
Reportergemesyscanada 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015210: [abrt] setroubleshoot-server: __init__.py:913:<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 ...
DescriptionDescription of problem:
Problem occurs periodically. SELinux is in enforcing mode. It appears that routinely (several times per day),
the problem occurs, where some SELinux issue wants to invoke "/usr/bin/settroubleshootd", but the Python
program to do this crashes.

I noticed I had two Policy.xx modules in /etc/selinux/targeted/policy/policy.30 and policy.31.
I removed policy.30 and ran "semodule -B" to rebuild the policy file, and rebooted the machine.
This did not resolve the problem.

Machine is running CentOS 7.4.1708 (Core), and is an Intel core i3 HP-6200, which runs Gnome 3.22.2.
This crash does not affect production, machine appears stable, but the error occurs several times per day,
randomly. Every login of "root" provokes the message:

"ABRT has detected 1 problem(s). For more info run: abrt-cli list --since <number>"
When I run the "abrt-cli list", I get:
  reason: __init__.py:913:<module>:ValueError: Failed to read //etc/selinux/targeted/policy.31 policy file
  time: <shows current date>
  cmdline: /usr/bin/python -Es /usr/sbin/setroubleshootd -f ' '
  package: setroubleshoot-server-3.2.28-3.el7
  uid: 994 (setroubleshoot)
  count: 2087
  Directory: /var/spool/abrt/Python-2018-08-18-06:55:02-29157
  Reported: https://retrace.fedoraproject.org/faf/reports/bthash/deb2ff99ee75b8f967234671901c6a3b4861f625

Version-Release number of selected component:
setroubleshoot-server-3.2.28-3.el7

Truncated backtrace:
#1 <module> in /usr/lib64/python2.7/site-packages/sepolicy/__init__.py:913
#2 <module> in /usr/lib64/python2.7/site-packages/setroubleshoot/util.py:304
#3 <module> in /usr/sbin/setroubleshootd:30
Additional Informationreporter: libreport-2.1.11.1
cmdline: /usr/bin/python -Es /usr/sbin/setroubleshootd -f ''
dso_list: policycoreutils-python-2.5-17.1.el7.x86_64
executable: /usr/sbin/setroubleshootd
kernel: 4.14.9-1.el7.elrepo.x86_64
pkg_fingerprint: 24C6 A8A7 F4A8 0EB5
pkg_vendor: CentOS
reproducible: The problem occurs regularly
runlevel: N 3
type: Python
uid: 994
TagsNo tags attached.
abrt_hash7859e1494d98e0c6ff4dcd800b6be1bae3499044
URLhttps://retrace.fedoraproject.org/faf/reports/bthash/deb2ff99ee75b8f967234671901c6a3b4861f625

Activities

gemesyscanada

gemesyscanada

2018-08-23 22:06

reporter  

backtrace (9,056 bytes)
__init__.py:913:<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy file

Traceback (most recent call last):
  File "/usr/sbin/setroubleshootd", line 30, in <module>
    from setroubleshoot.util import log_debug
  File "/usr/lib64/python2.7/site-packages/setroubleshoot/util.py", line 304, in <module>
    from sepolicy import get_all_file_types
  File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 913, in <module>
    raise e
ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy file

Local variables in innermost frame:
selinux_user_list: None
fcdict: None
selinux: None
subprocess: None
__path__: None
get_attributes_from_type: None
gen_interfaces: None
get_transitions: None
get_entrypoints: None
get_login_mappings: None
read_file_equiv: None
SOURCE: None
get_all_entrypoints: None
get_all_modules: None
policy: None
file_types: None
get_user_types: None
AUDITALLOW: None
ROLE_ALLOW: None
__file__: None
get_all_bools: None
get_fcdict: None
local_files: None
get_all_entrypoint_domains: None
find_file: None
bools: None
get_writable_files: None
defaults: None
SENS: None
file_type_str: None
get_all_domains: None
policy_file: None
get_all_users: None
methods: None
get_local_file_paths: None
DEFAULT_DIRS: None
get_init_entrypoint_target: None
USER: None
NEVERALLOW: None
all_domains: None
PORT: None
login_mappings: None
DONTAUDIT: None
PERMS: None
re: None
get_conditionals: None
get_description: None
get_file_transitions: None
__builtins__: {'bytearray': <type 'bytearray'>, 'IndexError': <type 'exceptions.IndexError'>, 'all': <built-in function all>, 'help': Type help() for interactive help, or help(object) for help about object., 'vars': <built-in function vars>, 'SyntaxError': <type 'exceptions.SyntaxError'>, 'unicode': <type 'unicode'>, 'UnicodeDecodeError': <type 'exceptions.UnicodeDecodeError'>, 'memoryview': <type 'memoryview'>, 'isinstance': <built-in function isinstance>, 'copyright': Copyright (c) 2001-2013 Python Software Foundation.
All Rights Reserved.

Copyright (c) 2000 BeOpen.com.
All Rights Reserved.

Copyright (c) 1995-2001 Corporation for National Research Initiatives.
All Rights Reserved.

Copyright (c) 1991-1995 Stichting Mathematisch Centrum, Amsterdam.
All Rights Reserved., 'NameError': <type 'exceptions.NameError'>, 'BytesWarning': <type 'exceptions.BytesWarning'>, 'dict': <type 'dict'>, 'input': <built-in function input>, 'oct': <built-in function oct>, 'bin': <built-in function bin>, 'SystemExit': <type 'exceptions.SystemExit'>, 'StandardError': <type 'exceptions.StandardError'>, 'format': <built-in function format>, 'repr': <built-in function repr>, 'sorted': <built-in function sorted>, 'False': False, 'RuntimeWarning': <type 'exceptions.RuntimeWarning'>, 'list': <type 'list'>, 'iter': <built-in function iter>, 'reload': <built-in function reload>, 'Warning': <type 'exceptions.Warning'>, '__package__': None, 'round': <built-in function round>, 'dir': <built-in function dir>, 'cmp': <built-in function cmp>, 'set': <type 'set'>, 'bytes': <type 'str'>, 'reduce': <built-in function reduce>, 'intern': <built-in function intern>, 'issubclass': <built-in function issubclass>, 'Ellipsis': Ellipsis, 'EOFError': <type 'exceptions.EOFError'>, 'locals': <built-in function locals>, 'BufferError': <type 'exceptions.BufferError'>, 'slice': <type 'slice'>, 'FloatingPointError': <type 'exceptions.FloatingPointError'>, 'sum': <built-in function sum>, 'getattr': <built-in function getattr>, 'abs': <built-in function abs>, 'exit': Use exit() or Ctrl-D (i.e. EOF) to exit, 'print': <built-in function print>, 'True': True, 'FutureWarning': <type 'exceptions.FutureWarning'>, 'ImportWarning': <type 'exceptions.ImportWarning'>, 'None': None, 'hash': <built-in function hash>, 'ReferenceError': <type 'exceptions.ReferenceError'>, 'len': <built-in function len>, 'credits':     Thanks to CWI, CNRI, BeOpen.com, Zope Corporation and a cast of thousands
    for supporting Python development.  See www.python.org for more information., 'frozenset': <type 'frozenset'>, '__name__': '__builtin__', 'ord': <built-in function ord>, 'super': <type 'super'>, '_': <bound method NullTranslations.ugettext of <gettext.NullTranslations instance at 0x7fea6e952560>>, 'TypeError': <type 'exceptions.TypeError'>, 'license': See http://www.python.org/2.7/license.html, 'KeyboardInterrupt': <type 'exceptions.KeyboardInterrupt'>, 'UserWarning': <type 'exceptions.UserWarning'>, 'filter': <built-in function filter>, 'range': <built-in function range>, 'staticmethod': <type 'staticmethod'>, 'SystemError': <type 'exceptions.SystemError'>, 'BaseException': <type 'exceptions.BaseException'>, 'pow': <built-in function pow>, 'RuntimeError': <type 'exceptions.RuntimeError'>, 'float': <type 'float'>, 'MemoryError': <type 'exceptions.MemoryError'>, 'StopIteration': <type 'exceptions.StopIteration'>, 'globals': <built-in function globals>, 'divmod': <built-in function divmod>, 'enumerate': <type 'enumerate'>, 'apply': <built-in function apply>, 'LookupError': <type 'exceptions.LookupError'>, 'open': <built-in function open>, 'quit': Use quit() or Ctrl-D (i.e. EOF) to exit, 'basestring': <type 'basestring'>, 'UnicodeError': <type 'exceptions.UnicodeError'>, 'zip': <built-in function zip>, 'hex': <built-in function hex>, 'long': <type 'long'>, 'next': <built-in function next>, 'ImportError': <type 'exceptions.ImportError'>, 'chr': <built-in function chr>, 'xrange': <type 'xrange'>, 'type': <type 'type'>, '__doc__': "Built-in functions, exceptions, and other objects.\n\nNoteworthy: None is the `nil' object; Ellipsis represents `...' in slices.", 'Exception': <type 'exceptions.Exception'>, 'tuple': <type 'tuple'>, 'UnicodeTranslateError': <type 'exceptions.UnicodeTranslateError'>, 'reversed': <type 'reversed'>, 'UnicodeEncodeError': <type 'exceptions.UnicodeEncodeError'>, 'IOError': <type 'exceptions.IOError'>, 'hasattr': <built-in function hasattr>, 'delattr': <built-in function delattr>, 'setattr': <built-in function setattr>, 'raw_input': <built-in function raw_input>, 'SyntaxWarning': <type 'exceptions.SyntaxWarning'>, 'compile': <built-in function compile>, 'ArithmeticError': <type 'exceptions.ArithmeticError'>, 'str': <type 'str'>, 'property': <type 'property'>, 'GeneratorExit': <type 'exceptions.GeneratorExit'>, 'int': <type 'int'>, '__import__': <built-in function __import__>, 'KeyError': <type 'exceptions.KeyError'>, 'coerce': <built-in function coerce>, 'PendingDeprecationWarning': <type 'exceptions.PendingDeprecationWarning'>, 'file': <type 'file'>, 'EnvironmentError': <type 'exceptions.EnvironmentError'>, 'unichr': <built-in function unichr>, 'id': <built-in function id>, 'OSError': <type 'exceptions.OSError'>, 'DeprecationWarning': <type 'exceptions.DeprecationWarning'>, 'min': <built-in function min>, 'UnicodeWarning': <type 'exceptions.UnicodeWarning'>, 'execfile': <built-in function execfile>, 'any': <built-in function any>, 'complex': <type 'complex'>, 'bool': <type 'bool'>, 'ValueError': <type 'exceptions.ValueError'>, 'NotImplemented': NotImplemented, 'map': <built-in function map>, 'buffer': <type 'buffer'>, 'max': <built-in function max>, 'object': <type 'object'>, 'TabError': <type 'exceptions.TabError'>, 'callable': <built-in function callable>, 'ZeroDivisionError': <type 'exceptions.ZeroDivisionError'>, 'eval': <built-in function eval>, '__debug__': True, 'IndentationError': <type 'exceptions.IndentationError'>, 'AssertionError': <type 'exceptions.AssertionError'>, 'classmethod': <type 'classmethod'>, 'UnboundLocalError': <type 'exceptions.UnboundLocalError'>, 'NotImplementedError': <type 'exceptions.NotImplementedError'>, 'AttributeError': <type 'exceptions.AttributeError'>, 'OverflowError': <type 'exceptions.OverflowError'>}
interfaces: None
file_type_is_executable: None
get_all_roles: None
mls_range: None
__name__: None
portrecsbynum: None
file_type_is_entrypoint: None
file_equiv: None
get_all_file_types: None
prettyprint: None
ATTRIBUTE: None
_policy: None
get_installed_policy: None
gen_port_dict: None
os: None
all_types: None
PROGNAME: None
get_file_types: None
get_file_equiv_modified: None
get_boolean_rules: None
get_all_port_types: None
port_types: None
find_all_files: None
get_all_modules_from_mod_lst: None
__doc__: None
file_equiv_modified: None
search: None
get_types_from_attribute: None
get_all_attributes: None
get_all_role_allows: None
info: None
TARGET: None
roles: None
all_attributes: None
TRANSITION: None
role_allows: None
BOOLEAN: None
mls_cmp: None
TYPE: None
get_methods: None
get_mls_range: None
get_init_transtype: None
portrecs: None
get_conditionals_format_text: None
gettext: None
__package__: None
TCLASS: None
CLASS: None
find_entrypoint_path: None
trans_file_type_str: None
get_transitions_into: None
users: None
glob: None
get_entrypoint_types: None
sys: None
get_file_equiv: None
get_init_entrypoint: None
ALLOW: None
get_selinux_users: None
util: None
e: None
markup: None
get_all_types: None
CATS: None
ROLE: None
user_types: None
backtrace (9,056 bytes)
environ (92 bytes)
DBUS_STARTER_BUS_TYPE=system
DBUS_STARTER_ADDRESS=unix:path=/var/run/dbus/system_bus_socket
environ (92 bytes)
machineid (135 bytes)
systemd=43f5ac81ae4a4ef6a473900cafffbc43
sosreport_uploader-dmidecode=468742de6ab0ed761331cf602d2d4e92db9699bb0e005518763b8db42f680fce
machineid (135 bytes)
gemesyscanada

gemesyscanada

2018-08-24 01:12

reporter   ~0032582

After some research, I determined a solution to this. Bug ID on the Redhat site (number 1504754) indicates that the issue can be
fixed by updating to newer versions of the following utilities:
setools-3.3.8-2.el7
checkpolicy-2.5-6.el7
policycoreutils-2.5.18.el7
gemesyscanada

gemesyscanada

2018-08-24 01:32

reporter   ~0032583

I am unable to edit my previous notes here using this "Mantis" tool. Perhaps this restriction should be addressed?
My previous note updated before I had completed editing it, and before I could indicate the resolution to this issue. Information
from Redhat ("upstream", is the term?) indicates that the following libraries (with version #'s) needed are:
 libsemanage-2.5-9.el7
 libselinux-2.5-12.el7
 libsepol-2.5-8.e17
Suggestion was to use yum to update both libsepol and policycoreutils, which I did. So, as root:
    yum update libsepol
    yum update policycoreutils
On my CentOS release 7.4.1708, the first update did nothing, but the second one (policycoreutils) brought in several packages,
and the ABRT's have stopped.
Once this was done, I noticed "setroubleshootd" was being started by python successfully, as the system was throwing
numerous "dac-read-search" errors from various utilities, with the most common being from unix_chkpwd, and the
SELInux Troubleshooter menu pop-up was occuring regularly - in all cases related to the "dac-read-search" failures.
(So, at least the SELinux troubleshooter is working again.... )
Hope this info helps. Looks like this bug can be closed with solution: Run yum to update the SELinux policycoreutils package.
I am completely new to Mantis, but I will try to toggle the bug-report closed, if/when I can.
gemesyscanada

gemesyscanada

2018-10-01 05:01

reporter   ~0032828

Another user experienced a similar problem:

I just updated (using the ELRepo repository) to the latest stable ml Linux kernel, 4.18.11, from kernel 3.10, which is
the kernel in CentOS-7.4, the previous Linux version running on the workstation in question.
There is a conflict between the SELinux policy files (#30 and #31), which occurs when you do this.
Previous efforts (on another workstation, running a 4.14 kernel) also showed this behaviour. Upgrading
the kernel borks the setroubleshootd daemon. The bug number I found was: 1504754. I thought it
might be fixed now in kernel 4.18.11, but it is probably not a kernel issue.
What I did on the other machine, was to update: setools-2.3.8-2.el7, checkpolicy-2.5-6.el7, policycoreutils-2.5-18.el7,
libsemanage-2.5-9.el7, libselinux-2.5-12.el7, libsepol-2.5-8.el7. Then, I did a yum update of policycoreutils and
started the setroubleshootd program with " /usr/bin/python -Es /usr/sbin/setroubleshootd -f ' ' ".
Apologies if there are inaccurate elements here - I am referring to my hand-written notes to fill in this bug-report screen.
I hope this information is useful. - M. Langdon, GEMESYS

reporter: libreport-2.1.11.1
cmdline: /usr/bin/python -Es /usr/sbin/setroubleshootd -f ''
dso_list: policycoreutils-python-2.5-17.1.el7.x86_64
executable: /usr/sbin/setroubleshootd
kernel: 4.18.11-1.el7.elrepo.x86_64
package: setroubleshoot-server-3.2.28-3.el7
pkg_fingerprint: 24C6 A8A7 F4A8 0EB5
pkg_vendor: CentOS
reason: __init__.py:913:<module>:ValueError: Failed to read //etc/selinux/targeted/policy/policy.31 policy file
reproducible: The problem occurs regularly
runlevel: N 3
type: Python
uid: 994

Issue History

Date Modified Username Field Change
2018-08-23 22:06 gemesyscanada New Issue
2018-08-23 22:06 gemesyscanada File Added: backtrace
2018-08-23 22:06 gemesyscanada File Added: environ
2018-08-23 22:06 gemesyscanada File Added: machineid
2018-08-24 01:12 gemesyscanada Note Added: 0032582
2018-08-24 01:32 gemesyscanada Note Added: 0032583
2018-10-01 05:01 gemesyscanada Note Added: 0032828