[CentOS] Add another one: the same sealert problem

Fri Jun 1 13:19:54 UTC 2012
Daniel J Walsh <dwalsh at redhat.com>

On 05/31/2012 05:22 PM, m.roth at 5-cent.us wrote:
> Well, this is getting more and more unpleasant. Turned out my manager and 
> the other admin were also working on this. One of the times they restarted 
> *something*, or maybe my reinstall, took care of the first problem.
> 
> Now, however, we're seeing a ton of exceptions... and what's struck me is 
> that I'm *not* getting the normal output from sealert. For example,
> 
> sealert -v -l 42f9d4f6-6327-4030-b927-d17ab9f4f0d6
> 2012-05-31 16:52:13,387 [plugin.INFO] importing /usr/share/setroubleshoot/plugins/__init__ as plugins
> SELinux is preventing /bin/chmod from using the fowner capability.
> 
> I used the -v to try to get more; I'm not seeing the screenful that usually
> has more useful info. Could something have been screwed up with selinux, in
> some way? I know that the other admin installed something, but that was via
> a ruby-on-rails utility, and shouldn't have looked at anything, much less
> modified anything....
> 
> mark


I would doubt it.  Basically it looks like your XML database got corrupted.
You could just remove it while setroubleshootd is not running, and then
sealert would start working again.

You could also do the following.

ausearch -m avc -ts recent > /tmp/mylog
sealert -a /tmp/mylog
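
An added example, not part of the original message and not setroubleshoot's own code: a way to confirm the corrupted-XML diagnosis before acting on it. It checks whether a file is well-formed XML and renames it aside only when setroubleshootd is not running. The database path is passed as an argument because the message does not give it, and renaming rather than deleting is a choice made for this example.

```python
import glob
import os
import sys
import time
import xml.etree.ElementTree as ET

def xml_error(path):
    """Return None if path is well-formed XML, else the parser's error text."""
    try:
        ET.parse(path)
        return None
    except ET.ParseError as exc:
        return str(exc)  # includes the line/column where parsing failed

def daemon_running(name="setroubleshootd"):
    """True if a process in /proc was started as `name` (directly or as a script)."""
    for cmdline in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(cmdline, "rb") as fh:
                argv = fh.read().split(b"\0")
        except OSError:
            continue  # process exited while we were scanning
        # argv[0] is the binary or interpreter, argv[1] the script if any
        if any(os.path.basename(a) == name.encode() for a in argv[:2]):
            return True
    return False

def move_aside(path, running):
    """Rename a corrupt database to a timestamped backup and return the new path.
    Returns None and touches nothing if the daemon is up or the file parses."""
    if running or xml_error(path) is None:
        return None
    backup = "%s.corrupt-%s" % (path, time.strftime("%Y%m%d%H%M%S"))
    os.rename(path, backup)
    return backup

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <path-to-setroubleshoot-xml-database>" % sys.argv[0])
    db = sys.argv[1]  # assumption: the operator supplies the database path
    print("parse error:", xml_error(db))
    print("moved to:", move_aside(db, daemon_running()))
```

The renamed file keeps the parser's failure reproducible, so the line and column reported by `xml_error` can still be inspected afterwards.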
