On 4/23/05, Tom London <selinux@xxxxxxxxx> wrote: > Running targeted/enforcing, latest rawhide (.1261) > > Examining /var/log/messages, I notice some 'corrupted' avc messages, e.g.: > > Apr 23 13:05:33 localhost kernel: audit(1114286729.835:0): avc: > denied { search } for name=3228 dev=proc ino=211550210 > scontext=system_u:system_r:initss=dir > > Apr 23 13:06:31 localhost kernel: audit(1114286790.120:0): avc: > denied { search } for name=3228 dev=proc ino=211550210 > scontext=system_u:system_r:i127:0): avc: denied { search } for > name=1780 dev=proc ino=116654082 scontext=system_u:system_r:init_t > tcontext=system_u:system_r:kernel_t tclass=dir > > Apr 23 13:06:41 localhost kernel: audit(1114286800.202:0): avc: > denied { search } for name=3 dev=proc ino=196610 > scontext=system_u:system_r:inystem_r:init_t > tcontext=system_u:system_r:kernel_t tclass=dir > > [initss? i127? inystem? there are more....] > > Is there a lock problem with auditing? > tom Hmmm, is this an instance of this problem in audit? tom --------------------------------------------------------------------- This sounds like an old kernel bug. There was a patch on the audit mail list that fixes it. It is pending being merged in the mm kernel. It only affects syslog messages. If you use the audit daemon, you won't see the problem. -Steve Grubb --- linux/kernel/audit.c.orig 2005-02-16 13:49:28.839925080 -0500 +++ linux/kernel/audit.c 2005-02-16 13:53:24.757060224 -0500 @@ -513,8 +513,8 @@ if (!audit_pid) { /* No daemon */ int offset = ab->nlh ? NLMSG_SPACE(0) : 0; int len = skb->len - offset; - printk(KERN_ERR "%*.*s\n", - len, len, skb->data + offset); + skb->data[offset + len] = '\0'; + printk(KERN_ERR "%s\n", skb->data + offset); } kfree_skb(skb); ab->nlh = NULL; -- Tom London -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list