Problem with audit
Steve Grubb
sgrubb at redhat.com
Fri Apr 21 19:48:52 UTC 2006
On Friday 21 April 2006 11:30, Loulwa Salem wrote:
> sure .. I'm attaching the strace output.
recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0\375\10\0\0\377\377\377\377\20\0"...,
8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000},
[12]) = 36
This is definitely sending back EPERM. EPERM is only sent back when the sender
does not have CAP_AUDIT_CONTROL. Root processes should have that. Not sure
why this is failing the first time and OK the second. That seems to sound
like an uninitialized variable. Nothing has changed in this part of the code
in a very long time...unless this is another netlink bug.
-Steve
More information about the Linux-audit
mailing list