Re: mangled audit messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-10-21 at 13:06, Colin Walters wrote:
> On my FC2 server, running strict policy, I am seeing a lot of these:
> 
>                                      audit(1098309975.693:0): avc:
> denied  { getattr } for  pid=12283 exe=/usr/sbin/sshd
>                                       audit(1098309977.469:0): avc:
> denied  { getattr } for  pid=12293 exe=/usr/sbin/sshd
>                                       audit(1098309984.374:0): avc:
> denied  { getattr } for  pid=12319 exe=/usr/sbin/sshd
>                                       audit(1098309985.817:0): avc:
> denied  { getattr } for  pid=12325 exe=/usr/sbin/sshd
> 
> Note the large amount of odd leading whitespace, and the lack of any
> additional information.  Does anyone know anything about this?

I've seen this before, although not recently, and it has been reported
on this list by at least Russell Coker and Tom London.  Seems to be
difficult to reproduce reliably.  I don't know if there is a bugzilla on
it.  Rik Faith, who wrote the audit framework, thought it looked similar
to an earlier bug in the audit code that he had fixed.  I think Peter is
presently maintaining the code, cc'd.

What kernel are you running?

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux