Truncated log entries
Stephen Smalley
sds at epoch.ncsc.mil
Wed Oct 27 17:24:37 UTC 2004
On Wed, 2004-10-27 at 13:13, Barry Roomberg wrote:
> I'm running Fedora Core 2 Kernel: 2.6.5-1.358
> I'm logging activity in a directory (thanks Stephen).
>
> I occasionally get what look like to be truncated log entries such as:
>
> Oct 27 11:24:21 mstoppel1 kernel: audit(1098890661.257:8894633):
> avc: granted { read } for pid=17834 exed=500 fsuid=500 egid=500
> sgid=500 fsgid=500
>
> "exed=500" ???
>
> also:
> Oct 27 11:26:47 mstoppel1 kernel: =500 fsgid=500
>
>
> Any idea why? They are rare and interspersed with good entries.
/me guesses that the kernel audit framework isn't SMP-safe. Is anyone
at RedHat looking into this? It was already bugzilla'd by Tom London.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list