ublue-os / ucore

An OCI base image of Fedora CoreOS with batteries included
https://projectucore.io
Apache License 2.0

selinux errors fail with obnoxious stack traces #193

Open bsherman opened 3 months ago

bsherman commented 3 months ago

When an SELinux violation occurs, this nasty stack trace gets printed in the journal:

Aug 24 21:50:05 ucore-vm audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.SetroubleshootPrivileged@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     result = self._handle_call(
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return handler(*parameters, **additional_args)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'

The FileNotFoundError is due to /var/lib/selinux/targeted/active/modules being missing... it SHOULD be there since selinux-policy-targeted is installed, but anything RPMs install to the /var/ filesystem is not retained... a common problem with the rpm-ostree based systems.
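For triage, a traceback like the one quoted above can be collapsed into a single finding per process. This is an added example, not part of the issue and not code from setroubleshoot or ucore; it assumes journalctl's default short output format, and the function name `summarize_tracebacks` is hypothetical.

```python
import re

# Constructed sample: a shortened copy of the journal lines quoted in the issue.
SAMPLE = """\
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: Traceback (most recent call last):
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     build_module_type_cache()
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:   File "/usr/lib/python3.12/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]:     with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Aug 24 21:50:05 ucore-vm SetroubleshootPrivileged.py[2977]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'
"""

# Assumed line shape: "<Mon> <day> <time> <host> <ident>[<pid>]: <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<ident>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CALL = re.compile(r"^The call (\S+) has failed with an exception:")
FRAME = re.compile(r'^\s+File "([^"]+)", line (\d+), in (\S+)')
EXC = re.compile(r"^(\w+(?:\.\w+)*): (.*)$")
MISSING = re.compile(r"No such file or directory: '([^']+)'")

def summarize_tracebacks(journal_text):
    """Collapse each Python traceback in short-format journal text into one finding."""
    findings, open_tb, last_call = [], {}, {}
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, msg = (m["ident"], int(m["pid"])), m["msg"]
        if (c := CALL.match(msg)):
            last_call[key] = c[1]
        elif msg.startswith("Traceback (most recent call last):"):
            open_tb[key] = {"process": key[0], "pid": key[1],
                            "call": last_call.get(key), "frame": None}
        elif key in open_tb:
            if (f := FRAME.match(msg)):
                open_tb[key]["frame"] = (f[1], int(f[2]), f[3])  # last one seen is innermost
            elif (e := EXC.match(msg)):  # unindented "Type: message" line ends the traceback
                tb = open_tb.pop(key)
                path = MISSING.search(e[2])
                tb.update(exception=e[1], missing_path=path[1] if path else None)
                findings.append(tb)
    return findings
```
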

dosubot[bot] commented 1 week ago

Hi, @bsherman. I'm Dosu, and I'm helping the ucore team manage their backlog. I'm marking this issue as stale.

Issue Summary

Next Steps

Thank you for your understanding and contribution!