[F8] setroubleshoot running at 85-95% of CPU

Discussion:

Daniel B. Thurman

2007-12-14 15:17:04 UTC

This thread was originally posted at fedora-list, but other
posters recommended that I repost this thread here in this
list, although cleaned up.

For awhile, it seemed that I was getting regular sealert warnings
(the "star" in notification taskbar) but now I no longer receive it.

I noticed that setroubleshoot was running at 85-95% of CPU load so
I killed it along with sealert processes and that brought the CPU
load WAY down.

I have removed the setroubleshoot packages and re-installed it.
It did not remove the problem.

At this point, I have disabled the setroubleshootd service and my
CPU is now quiet.

What can I do to fix or analyze this problem?

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM

John Dennis

2007-12-14 18:38:01 UTC

Permalink

Post by Daniel B. Thurman
This thread was originally posted at fedora-list, but other
posters recommended that I repost this thread here in this
list, although cleaned up.
For awhile, it seemed that I was getting regular sealert warnings
(the "star" in notification taskbar) but now I no longer receive it.
I noticed that setroubleshoot was running at 85-95% of CPU load so
I killed it along with sealert processes and that brought the CPU
load WAY down.
I have removed the setroubleshoot packages and re-installed it.
It did not remove the problem.
At this point, I have disabled the setroubleshootd service and my
CPU is now quiet.
What can I do to fix or analyze this problem?

File a bug report for starters. It would really help to get some
diagnostic information. To do this edit
/etc/setroubleshoot/setroubleshoot.cfg, find the section in the cfg file
label setroubleshootd_log, in that section change the value of level to
debug and then restart setroubleshootd with

/sbin/service setroubleshoot restart

After it misbehaves stop the service with

/sbin/service setroubleshoot stop

Then attach the logfile /var/log/setroubleshoot/setroubleshootd.log to
the bug report.

Thank you.

--
John Dennis <jdennis at redhat.com>

Daniel B. Thurman

2007-12-14 21:22:31 UTC

Permalink

John Dennis wrote"

Post by John Dennis
File a bug report for starters. It would really help to get some
diagnostic information. To do this edit
/etc/setroubleshoot/setroubleshoot.cfg, find the section in
the cfg file
label setroubleshootd_log, in that section change the value of
level to
debug and then restart setroubleshootd with
/sbin/service setroubleshoot restart
After it misbehaves stop the service with
/sbin/service setroubleshoot stop
Then attach the logfile /var/log/setroubleshoot/setroubleshootd.log to
the bug report.

Ok, I have set the level = debug, started setroublesootd and tail'ed
/var/log/setroubleshootd/*.log for about 15-30 minutes and I see
nothing at all. Not a single entry was logged.

I tried to bring up the sealert (or Applications->System-Tools->
SELinux Troubleshooter) and I was not able to get/see the gui
for this application to even come up. It refuses to display
the gui.

Any ideas?

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM

John Dennis

2007-12-14 21:44:25 UTC

Permalink

Post by Daniel B. Thurman
Ok, I have set the level = debug, started setroublesootd and tail'ed
/var/log/setroubleshootd/*.log for about 15-30 minutes and I see
nothing at all. Not a single entry was logged.

Is it consuming 85-95% of your CPU or not?

The log file should not be empty.

Post by Daniel B. Thurman
I tried to bring up the sealert (or Applications->System-Tools->
SELinux Troubleshooter) and I was not able to get/see the gui
for this application to even come up. It refuses to display
the gui.
Any ideas?

Stop any running sealert with "sealert -q"

Then run it in the foreground with verbose output to the console by
doing this: "sealert -s -v"

What does it tell you?

--
John Dennis <jdennis at redhat.com>

John Dennis

2007-12-14 22:20:15 UTC

Permalink

P.S. There may be some confusion unless you understand setroubleshoot is
comprised of two processes

setroubleshootd is a daemon process run with an init script.

sealert is a user process run in your desktop session.

There should be one copy of each process running, verify this with "ps
ax | grep se"

There is no process named setroubleshoot.

When you report setroubleshoot is running at 85-95% of CPU I need to
know which of the two processes you're referring to.

Running tail on /var/log/setroubleshoot/setroubleshootd is not
sufficient. I need to see the entire contents of this file. But please
don't post it to the list, you can just send it to me directly.

--
John Dennis <jdennis at redhat.com>