Discussion:
Issue regarding Selinux
Aman Sharma
2017-12-04 09:45:47 UTC
Hi All,

I am seeing a number of su core files after a fresh install of a CentOS 7
machine. In this particular case I have 622 core files found. The
backtrace is given below.

Reading symbols from /usr/bin/su...Reading symbols from /usr/bin/su...(no
debugging symbols found)...done.
(no debugging symbols found)...done.
[New LWP 15427]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `su - informix -c source
/usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'.
Program terminated with signal 6, Aborted.
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6

====================================
backtrace
===================================
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
#1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6
#2 0x00007f74f1093146 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from /lib64/libselinux.so.1
#5 0x00007f74e9ed46e5 in avc_context_to_sid () from /lib64/libselinux.so.1
#6 0x00007f74e9ed83ad in selinux_check_access () from /lib64/libselinux.so.1
#7 0x00007f74ea0f4d76 in check_for_root () from /lib/security/../../lib64/security/pam_rootok.so
#8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0
#9 0x00007f74f162c7e0 in pam_authenticate () from /lib64/libpam.so.0
#10 0x00007f74f1a5f857 in su_main ()
#11 0x00007f74f1086b35 in __libc_start_main () from /lib64/libc.so.6
#12 0x00007f74f1a5e890 in _start ()
====================================

From the backtrace logs, it looks like the crash is related to SELinux. Can
anybody please help me with this? Why is it crashing?
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : ***@gmail.com
Stephen Smalley
2017-12-04 15:44:59 UTC
Post by Aman Sharma
Hi All,
I am seeing a number of su core files after a fresh install of a CentOS 7
machine. In this particular case I have 622 core files found.
The backtrace is given below.
Reading symbols from /usr/bin/su...Reading symbols from
/usr/bin/su...(no debugging symbols found)...done. 
(no debugging symbols found)...done. 
[New LWP 15427] 
[Thread debugging using libthread_db enabled] 
Using host libthread_db library "/lib64/libthread_db.so.1". 
Core was generated by `su - informix -c source
/usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'.
Program terminated with signal 6, Aborted. 
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6 
  ==================================== 
 backtrace
 =================================== 
 #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6 
#1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6 
#2 0x00007f74f1093146 in __assert_fail_base () from /lib64/libc.so.6 
#3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6 
#4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from
/lib64/libselinux.so.1 
#5 0x00007f74e9ed46e5 in avc_context_to_sid () from
/lib64/libselinux.so.1 
#6 0x00007f74e9ed83ad in selinux_check_access () from
/lib64/libselinux.so.1 
#7 0x00007f74ea0f4d76 in check_for_root () from
/lib/security/../../lib64/security/pam_rootok.so 
#8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0 
#9 0x00007f74f162c7e0 in pam_authenticate () from /lib64/libpam.so.0 
#10 0x00007f74f1a5f857 in su_main () 
#11 0x00007f74f1086b35 in __libc_start_main () from /lib64/libc.so.6 
#12 0x00007f74f1a5e890 in _start () 
 ==================================== 
From the backtrace logs, it looks like the crash is related to SELinux.
Can anybody please help me with this? Why is it crashing?

Implication is that pam_rootok passed a NULL context to
selinux_check_access(). Which would be a bug in pam. What does
sestatus -v show for this machine?
Aman Sharma
2017-12-04 16:15:58 UTC
Hi Stephen,

sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Process contexts:
Current context:                system_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling terminal:           system_u:object_r:sshd_devpts_t:s0
/etc/passwd                     system_u:object_r:passwd_file_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6                  system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
/lib/ld-linux.so.2              system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0


rpm -q libselinux
libselinux-2.5-6.el7.i686
libselinux-2.5-6.el7.x86_64

Please let me know if you want any other details.

Thanks
Post by Stephen Smalley
Post by Aman Sharma
Hi All,
I am seeing a number of su core files after a fresh install of a CentOS 7
machine. In this particular case I have 622 core files found.
The backtrace is given below.
Reading symbols from /usr/bin/su...Reading symbols from
/usr/bin/su...(no debugging symbols found)...done.
(no debugging symbols found)...done.
[New LWP 15427]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `su - informix -c source
/usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'.
Program terminated with signal 6, Aborted.
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
====================================
backtrace
===================================
#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
#1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6
#2 0x00007f74f1093146 in __assert_fail_base () from
/lib64/libc.so.6
#3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from
/lib64/libselinux.so.1
#5 0x00007f74e9ed46e5 in avc_context_to_sid () from
/lib64/libselinux.so.1
#6 0x00007f74e9ed83ad in selinux_check_access () from
/lib64/libselinux.so.1
#7 0x00007f74ea0f4d76 in check_for_root () from
/lib/security/../../lib64/security/pam_rootok.so
#8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0
#9 0x00007f74f162c7e0 in pam_authenticate () from
/lib64/libpam.so.0
#10 0x00007f74f1a5f857 in su_main ()
#11 0x00007f74f1086b35 in __libc_start_main () from
/lib64/libc.so.6
#12 0x00007f74f1a5e890 in _start ()
====================================
From the backtrace logs, it looks like the crash is related to SELinux.
Can anybody please help me with this? Why is it crashing?
Implication is that pam_rootok passed a NULL context to
selinux_check_access(). Which would be a bug in pam. What does
sestatus -v show for this machine?
Sorry, I'm wrong; the assert is on avc_running, which implies that the
AVC wasn't initialized. sestatus -v would still be useful. Also rpm
-q libselinux.
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : ***@gmail.com
Stephen Smalley
2017-12-04 16:32:53 UTC
Post by Aman Sharma
Hi Stephen,
sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
Current context:                system_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023
Controlling terminal:           system_u:object_r:sshd_devpts_t:s0
/etc/passwd                     system_u:object_r:passwd_file_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6                  system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
/lib/ld-linux.so.2              system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0
 rpm -q libselinux
libselinux-2.5-6.el7.i686
libselinux-2.5-6.el7.x86_64
Please let me know if you want any other details.

Ok, so this is the same system that has the wrong ssh login context
(per your "Current context" and "Controlling terminal" lines above). So
likely the same root cause as that problem. Look for sshd errors in
/var/log/secure or journalctl, run selinuxdefaultcon as I described to
see whether you can reproduce the incorrect context computation.
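
Added example, not part of any message in this thread: a small Python check for the mismatch Stephen points to. It parses `sestatus -v` output and flags a session whose controlling terminal is a pty type while its process context still carries `system_u` or `system_r`. The sample is the output posted above with wrapped lines rejoined; the function names, and the rule that a login session should not run as `system_u:system_r`, are assumptions of this example.

```python
import re

# Subset of the `sestatus -v` output posted in this thread (wrapped lines rejoined).
SAMPLE = """\
SELinux status:                 enabled
Current mode:                   enforcing
Process contexts:
Current context:                system_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
File contexts:
Controlling terminal:           system_u:object_r:sshd_devpts_t:s0
"""

# user:role:type[:range]; the MLS range may itself contain ':' (s0-s0:c0.c1023).
CONTEXT_RE = re.compile(
    r"^(?P<user>[^:\s]+):(?P<role>[^:\s]+):(?P<type>[^:\s]+)(?::(?P<range>\S+))?$"
)

def parse_sestatus(text):
    """Return the 'Label: value' lines of sestatus output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skips section headers with no value
            fields[key.strip()] = value.strip()
    return fields

def parse_context(ctx):
    """Split a security context into user, role, type and range (or None)."""
    m = CONTEXT_RE.match(ctx)
    return m.groupdict() if m else None

def check_login_context(text):
    """Flag an interactive session that kept a system_u/system_r context."""
    fields = parse_sestatus(text)
    cur = parse_context(fields.get("Current context", ""))
    tty = parse_context(fields.get("Controlling terminal", ""))
    if cur is None:
        return ["no parsable 'Current context' line"]
    # Assumption of this example: a *_devpts_t terminal means a user login session.
    interactive = tty is not None and tty["type"].endswith("_devpts_t")
    if interactive and (cur["user"] == "system_u" or cur["role"] == "system_r"):
        return [
            "session on %s runs as %s:%s; login context was not computed from "
            "the user's SELinux mapping" % (tty["type"], cur["user"], cur["role"])
        ]
    return []

if __name__ == "__main__":
    for finding in check_login_context(SAMPLE):
        print("WARNING:", finding)
```

A non-empty result is a cue to follow the steps in the reply above: check sshd errors in /var/log/secure or journalctl and rerun the default-context computation.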
