Lots a permission denied activity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I have been testing a new set of audit rules and have run across some 
processes that are doing things that might out to be changed. Typically, 
audit users expect a normally functioning system to not be noisy. There is a 
requirement to audit failed file access due to permission denied. What I'm 
finding is that two processes are generating tens of thousands of events 
every day.

There is a /usr/libexec/tracker-extract process that searches my directories 
about every 11 seconds. I can imagine on a laptop that would be a lot of disk 
activity. Sometimes I use root in my home directory and accidentally create 
files owned by root. This leads to a lots of events on my system. Does it 
really need to run with this frequency?

But I also see one that I just don't understand. Every 12 seconds, /usr/lib/
systemd/systemd calls openat with write flags to open 

/sys/fs/cgroup/cpu/cgroup.procs
/sys/fs/cgroup/cpuacct/cgroup.procs
/sys/fs/cgroup/blkio/cgroup.procs
/sys/fs/cgroup/memory/user.slice/user-4325.slice/user@4325.service/
cgroup.procs
/sys/fs/cgroup/memory/user.slice/user-4325.slice/cgroup.procs
/sys/fs/cgroup/memory/user.slice/cgroup.procs
/sys/fs/cgroup/memory/cgroup.procs
/sys/fs/cgroup/devices/user.slice/cgroup.procs
/sys/fs/cgroup/devices/cgroup.procs
/sys/fs/cgroup/pids/user.slice/user-4325.slice/user@4325.service/cgroup.procs
/sys/fs/cgroup/pids/user.slice/user-4325.slice/cgroup.procs
/sys/fs/cgroup/pids/user.slice/cgroup.procs
/sys/fs/cgroup/pids/cgroup.procs

Which are all root owned files. This adds up to about 45,000 events a day. Is 
there a purpose to opening those files? And if that was truly needed, should 
it be logging failures? Are the permissions wrong? If the failures are 
benign, why is it doing it at all?

Thanks,
-Steve

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/2HMJ4SX3UP22ASPI34YK6JOKEM2X5NYN/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux