file system auditing, zany timezone issues, design document, etc, etc
Debora Velarde
dvelarde at us.ibm.com
Wed Apr 27 23:36:24 UTC 2005
> I re-tested today with the user space patch applied. I thought I
> would post my results in case they are different from what you found.
> 1. -D (delete all rules) doesn't delete any rules
I see this problem also.
I'm seeing lots of strange behavior when I updated to this new kernel.
# auditctl -a entry,always -F arch=b32 -S chmod
No rules
# auditctl -l
No rules
# auditctl -D
AUDIT_LIST: entry always a1=4 (0x4) syscall=access
AUDIT_LIST: entry always a1=3 (0x3) syscall=access
AUDIT_LIST: entry never a1=4 (0x4) syscall=access
AUDIT_LIST: entry always syscall=chmod
AUDIT_LIST: entry never syscall=chmod
AUDIT_LIST: entry always arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry never arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry always arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry never arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry always arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry never arch=3221225534 (0xc000003e) syscall=semget
AUDIT_LIST: entry always syscall=chmod
>
> I see these bugs with the patched version of both audit-0.6.10 and
> audit-0.7.1 running with the audit.24 kernel. I haven't tried the
> 2.6.12 kernel yet.
I am using kernel-2.6.9-5.0.3.EL.audit.24 and audit-0.7.1-1.
I've used audit-0.7.1-1 with kernel-2.6.9-5.0.3.EL.audit.20 and didn't see
this strange behavior.
I wanted to try kernel-2.6.9-5.0.3.EL.audit.23 but when I tried installing
kernel-2.6.9-5.0.3.EL.audit.23,
I got a kernel panic when trying to boot.
Kernel Panic -not syncing: kernel/auditfs.c:439
spin_is_locked on uninitalized spinlock
-debbie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050427/390150cb/attachment.htm>
More information about the Linux-audit
mailing list