Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-15498

fapolicyd deadlocks the system because it got a fatal SIGBUS signal

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • rhel-9.6
    • rhel-9.2.0, rhel-9.3.0
    • fapolicyd
    • None
    • rhel-sst-security-special-projects
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • Hide
      • fapolicyd service stops running only on the signals dedicated to it, e.g. SIGTERM, SIGKILL, SIGSTOP
      • fapolicyd service keeps running on other signals reception
      • fapolicyd does not block the execution after reception of the "allowed" signals
      Show
      fapolicyd service stops running only on the signals dedicated to it, e.g. SIGTERM, SIGKILL, SIGSTOP fapolicyd service keeps running on other signals reception fapolicyd does not block the execution after reception of the "allowed" signals
    • None
    • None
    • x86_64
    • None

      What were you trying to do that didn't work?

      Because of some RPMDB issue, a SIGBUS was raised, causing fapolicyd to deadlock the system:

      fapolicyd dying made the kernel spawn the systemd-coredump executable to collect the coredump. Executing the program leads to querying fapolicyd to allow the execution, which cannot happen since fapolicyd is dying.

      See PR https://github.com/linux-application-whitelisting/fapolicyd/pull/273 for fix proposal.

      Please provide the package NVR for which bug is seen:

      fapolicyd-1.1.3-104.el9_2

      How reproducible:

      Always

      Steps to reproduce

      1. Send SIGBUS, SIGQUIT, SIGSEGV or any deadly signal to fapolicyd

      Expected results

      System hangs (i.e. no way to do anything, current processes hanging, no way to log in, etc.)

      Actual results

      System still functional

              rsroka@redhat.com Radovan Sroka
              rhn-support-rmetrich Renaud Métrich
              Radovan Sroka Radovan Sroka
              SSG Security QE SSG Security QE
              Votes:
              4 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: