On Fri, 29 Oct 2004 12:18:03 EDT, Peter Martuccelli said:
> > /me guesses that the kernel audit framework isn't SMP-safe. Is anyone
> > at RedHat looking into this? It was already bugzilla'd by Tom London.
>
> I want to verify that people have only seen this issue on SMP systems.
>
> I can work with Dan on getting a test together to try and reproduce the
> problem.
Possibly a variant issue, often seen on my laptop (is a UP with Ingo Molnar's VP
patches and PREEMPT defined). Lots of leading blanks. Always show up in pairs,
one with 115-120 blanks, followed by a second that has 15-25 more blanks.
Both messages are always truncated after the exe= field.
Oct 19 09:25:28 turing-police kernel: audit(1098192328.373:0): avc: denied { unlink } for pid=3110 exe=/sbin/ldconfig name=
ld.so.cache dev=dm-5 ino=24601 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:etc_t tclass=file
Oct 19 09:25:28 turing-police kernel:
audit(1098192328.986:0): avc: denied { search } for pid=15579 exe=/usr/bin/dbus-daemo
n-1
Oct 19 09:25:28 turing-police kernel:
audit(1098192328.986:0): avc: denied { write } for pid=15579 exe=/usr/
bin/dbus-daemon-1
Those were 3 consecutive messages out of the kernel. Might be the issue
is 'SMP or PREEMPT'. Two more examples from that day...
Oct 19 09:59:03 turing-police crond(pam_unix)[13653]: session opened for user dshield by (uid=0)
Oct 19 09:59:03 turing-police kernel:
audit(1098194343.340:0): avc: denied { search } for pid=30651 exe=/usr/sbin/crond
Oct 19 09:59:03 turing-police kernel:
audit(1098194343.340:0): avc: denied { write } for pid=30651 exe=/usr/sbin/crond
...
Oct 19 10:19:37 turing-police ntpd[30628]: sendto(198.82.1.204): Invalid argument
Oct 19 10:20:18 turing-police kernel:
audit(1098195618.634:0): avc: denied { search } for pid=21753 exe=/usr/sbin/smartd
Oct 19 10:20:18 turing-police kernel:
audit(1098195618.923:0): avc: denied { write } for pid=21753 exe=/usr/sbin/smartd
Attachment:
pgpaTcPNJZWnz.pgp
Description: PGP signature
