Re: avc messages corrupted?

On 4/23/05, Tom London <selinux@xxxxxxxxx> wrote:
> Running targeted/enforcing, latest rawhide (.1261)
> 
> Examining /var/log/messages, I notice some 'corrupted' avc messages, e.g.:
> 
> Apr 23 13:05:33 localhost kernel: audit(1114286729.835:0): avc:
> denied  { search } for  name=3228 dev=proc ino=211550210
> scontext=system_u:system_r:initss=dir
> 
> Apr 23 13:06:31 localhost kernel: audit(1114286790.120:0): avc:
> denied  { search } for  name=3228 dev=proc ino=211550210
> scontext=system_u:system_r:i127:0): avc:  denied  { search } for
> name=1780 dev=proc ino=116654082 scontext=system_u:system_r:init_t
> tcontext=system_u:system_r:kernel_t tclass=dir
> 
> Apr 23 13:06:41 localhost kernel: audit(1114286800.202:0): avc:
> denied  { search } for  name=3 dev=proc ino=196610
> scontext=system_u:system_r:inystem_r:init_t
> tcontext=system_u:system_r:kernel_t tclass=dir
> 
> [initss? i127? inystem?  there are more....]
> 
> Is there a lock problem with auditing?
> tom

Hmmm, is this an instance of this problem in audit? 

tom
---------------------------------------------------------------------
This sounds like an old kernel bug. There was a patch on the audit mail list
that fixes it. It is pending being merged in the mm kernel. It only affects
syslog messages. If you use the audit daemon, you won't see the problem.

-Steve Grubb

--- linux/kernel/audit.c.orig   2005-02-16 13:49:28.839925080 -0500
+++ linux/kernel/audit.c        2005-02-16 13:53:24.757060224 -0500
@@ -513,8 +513,8 @@
               if (!audit_pid) { /* No daemon */
                       int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
                       int len    = skb->len - offset;
-                       printk(KERN_ERR "%*.*s\n",
-                              len, len, skb->data + offset);
+                       skb->data[offset + len] = '\0';
+                       printk(KERN_ERR "%s\n", skb->data + offset);
               }
               kfree_skb(skb);
               ab->nlh = NULL;
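
Review bot: the added store `skb->data[offset + len] = '\0'` writes at index skb->len (since len is skb->len - offset), one byte past the data the skb currently holds, and nothing in this hunk shows that byte is inside the buffer. Either check for tailroom before terminating, or keep the length bound in the format (for example "%.*s" with len) so the print cannot run past the record if the terminator is ever missing. A short comment on why the earlier "%*.*s" form produced spliced syslog lines would also help the next reader, because the hunk alone does not explain it.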

-- 
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
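
A way to find the damaged records described in this thread when reviewing /var/log/messages, as an added example that is not part of the original messages or of the audit project. The function names, the required-field list and the assumed context format (user:role:type with an optional level starting with "s") are assumptions of this sketch; the first three sample lines are the ones quoted in the thread, rejoined onto single lines, and the fourth is constructed.

```python
import re

HEADER = re.compile(r"audit\(\d+\.\d+:\d+\): avc:\s+(?:denied|granted)\s+\{ [^}]* \}")
KV = re.compile(r"(\w+)=(\S+)")
# Assumed context shape: user:role:type, optionally followed by a level such as s0 or s0:c1,c2
CONTEXT = re.compile(r"^[\w.-]+:[\w.-]+:[\w.-]+(:s\d[\w:.,-]*)?$")
REQUIRED = ("scontext", "tcontext", "tclass")  # assumed minimum for a usable denial record

def check_avc(line):
    """Return the list of problems found in one syslog AVC line (empty if it looks intact)."""
    if not HEADER.search(line):
        return ["no well-formed audit(...) avc header"]
    problems = []
    if line.count("avc:") > 1:
        problems.append("second avc record spliced into the line")
    seen = set()
    # Only look at key=value pairs that follow the first "avc:" marker.
    for key, value in KV.findall(line.split("avc:", 1)[1]):
        if key in seen:
            problems.append(f"duplicate field {key}")
        seen.add(key)
        if key in ("scontext", "tcontext") and not CONTEXT.match(value):
            problems.append(f"malformed {key}: {value}")
    problems += [f"missing field {k}" for k in REQUIRED if k not in seen]
    return problems

def corrupted_lines(lines):
    """Indexes of lines whose AVC record fails any check."""
    return [i for i, line in enumerate(lines) if check_avc(line)]

SAMPLES = [
    # Lines 0-2: quoted in the thread, rejoined. Line 3: constructed intact record.
    "Apr 23 13:05:33 localhost kernel: audit(1114286729.835:0): avc: denied  { search } for  name=3228 dev=proc ino=211550210 scontext=system_u:system_r:initss=dir",
    "Apr 23 13:06:31 localhost kernel: audit(1114286790.120:0): avc: denied  { search } for  name=3228 dev=proc ino=211550210 scontext=system_u:system_r:i127:0): avc:  denied  { search } for name=1780 dev=proc ino=116654082 scontext=system_u:system_r:init_t tcontext=system_u:system_r:kernel_t tclass=dir",
    "Apr 23 13:06:41 localhost kernel: audit(1114286800.202:0): avc: denied  { search } for  name=3 dev=proc ino=196610 scontext=system_u:system_r:inystem_r:init_t tcontext=system_u:system_r:kernel_t tclass=dir",
    "Apr 23 13:07:01 localhost kernel: audit(1114286820.101:0): avc: denied  { search } for  name=3 dev=proc ino=196610 scontext=system_u:system_r:init_t tcontext=system_u:system_r:kernel_t tclass=dir",
]

if __name__ == "__main__":
    for i, line in enumerate(SAMPLES):
        print(i, check_avc(line) or "ok")
```

Records flagged this way should not be fed to policy-generation tooling, since a spliced scontext or tcontext no longer describes the access that was actually denied.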
