Bug 227313 - sealert -l doesn't show time (and other UI issues)
Summary: sealert -l doesn't show time (and other UI issues)
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact: Ben Levenson
Reported: 2007-02-05 05:47 UTC by James Antill
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-02-09 20:06:03 UTC


Description James Antill 2007-02-05 05:47:54 UTC
Description of problem:

 Given a message like:
Feb  5 00:42:50 code setroubleshoot:      SELinux is preventing /usr/bin/python
(setroubleshootd_t) "write" to audit_events (var_run_t).      For complete
SELinux messages. run sealert -l 8d1d68d1-fb39-465c-b5a4-f50e7769bbe7

..the sealert -l doesn't show the time at which the SELinux AVC message
happened, this is esp. annoying because there seems to be some limiting in
setroubleshootd which means it sends out messages about itself for 10 minutes or
more after you've fixed it (and before which it said nothing, even though it was
obviously broken and it knew it -- the fix was setsebool
setroubleshootd_disable_trans=1, although I'm not 100% that's good advice but
certainly if auditd_disable_trans is on and that's off it's good advice).

Version-Release number of selected component (if applicable):

% rpm -q setroubleshoot

How reproducible:

Comment 1 James Antill 2007-02-05 14:44:35 UTC
 As I implied in bug#227315, it wasn't old data but an old version of
setroubleshootd was hanging around generating those messages. This would have
been obvious if it had given the time :).

Comment 2 John Dennis 2007-02-09 20:06:03 UTC
setroubleshoot tracks the first time the AVC is seen and the last time it was
seen. The detailed information section now includes the first and last seen
timestamps. The updated version will appear in rawhide in the next day or two. I
expect it will be in version 1.8.17.

BTW, sealert does not store every AVC it sees, rather it translates them into
"alerts" via the plugin analysis, then it asks if the alert has been seen
previously, if so it just updates the report count and the last seen timestamp.
This is why there is only a first and last timestamp.
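
The aggregation described in Comment 2, sketched as an added example that is not setroubleshoot's own code: repeated AVC denials collapse into one alert that keeps only a report count and the first and last seen timestamps. The audit lines are constructed, and the signature used to decide "seen previously" (source type, target type, class, permissions) is an assumption standing in for the plugin analysis.

```python
import re
from dataclasses import dataclass

# Constructed audit.log AVC records (sample input, not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1170654170.101:51): avc:  denied  { write } for  pid=2101 comm="python" name="audit_events" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1170654290.552:63): avc:  denied  { write } for  pid=2101 comm="python" name="audit_events" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1170654300.007:64): avc:  denied  { read } for  pid=3020 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1170654770.900:80): avc:  denied  { write } for  pid=2101 comm="python" name="audit_events" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(
    r"msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]+) \}"
    r".*?scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)"
)


@dataclass
class Alert:
    first_seen: float   # epoch seconds of the first matching AVC
    last_seen: float    # epoch seconds of the most recent matching AVC
    report_count: int = 1


def signature(m):
    """Assumed dedup key: SELinux types (third context field), class, permissions."""
    stype = m["scon"].split(":")[2]
    ttype = m["tcon"].split(":")[2]
    return (stype, ttype, m["tclass"], tuple(sorted(m["perms"].split())))


def aggregate(log_text):
    """Fold AVC denials into alerts; per-event times between first and last are dropped."""
    alerts = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial record
        ts, sig = float(m["ts"]), signature(m)
        alert = alerts.get(sig)
        if alert is None:
            alerts[sig] = Alert(first_seen=ts, last_seen=ts)
        else:  # seen before: bump the count and widen the time window
            alert.report_count += 1
            alert.first_seen = min(alert.first_seen, ts)
            alert.last_seen = max(alert.last_seen, ts)
    return alerts
```

Run over the sample, the three setroubleshootd_t denials become a single alert with a count of 3, so the 00:44 event in the middle is recoverable only from the raw audit log, not from the alert.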
