[redhat-lspp] Updated kernel package available
Amy Griffis
amy.griffis at hp.com
Tue Jan 17 17:15:59 UTC 2006
On Tue, Jan 17, 2006 at 10:17:12AM -0500, Amy Griffis wrote:
> Hi Steve,
>
> On Mon, Jan 16, 2006 at 12:16:46PM -0500, Steve Grubb wrote:
> > On Friday 13 January 2006 20:07, David Woodhouse wrote:
> > > This is kernel-2.6.15-1.1826.2.10.2.2_FC5.lspp.6
> > >
> > > It contains the contents of the audit git tree, Janak's unshare patch
> > > sequence, some patches from Steve and Amy's "string fields interface"
> > > patches.
> >
> > This kernel Oopses immediately on boot. I think it's the string1 &
> > string2 patches. Here's what I get:
>
> Thanks for the bug report.
>
> I didn't have any issues on boot in my testing, but this kernel
> includes some patches I wasn't testing. I'll look into it and get
> back to you.
<snip>
> > Then with gdb, I find this line:
> >
> > (gdb) list *0xffffffff801614c4
> > 0xffffffff801614c4 is in audit_receive_filter (kernel/auditfilter.c:388).
> > 383 audit_free_watch(krule->watch);
> > 384 krule->watch = w;
> > 385 list_add(&krule->rlist, &w->rules);
> > 386 return;
> > 387 }
> > 388 INIT_LIST_HEAD(&krule->watch->rules);
> > 389 list_add(&krule->rlist, &krule->watch->rules);
> > 390 list_add(&krule->watch->mlist, &master_watchlist);
> > 391 }
> >
> > So, seems that krule is NULL?

Actually it's krule->watch that is NULL. The code block that adds a
watch needs to be called conditionally based on the presence of
krule->watch.

Looks like I forgot to try adding rules *without* watches after making
some final changes. :-/

Amy
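
The guard described in the message above, as an added userland sketch; it is not the kernel's auditfilter.c and not the patch from this thread. The `struct watch`/`struct rule` layouts, `attach_rule()`, and the lookup of an existing watch by path are assumptions made for illustration, and watches are caller-owned here, so there is no counterpart to `audit_free_watch()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}

/* Hypothetical stand-ins for the audit rule and watch objects. */
struct watch { const char *path; struct list_head rules, mlist; };
struct rule  { struct watch *watch; struct list_head rlist; };
static struct list_head master_watchlist = { &master_watchlist, &master_watchlist };

/* Returns 1 if the rule was linked to a watch, 0 if it carries no watch. */
static int attach_rule(struct rule *r)
{
    struct list_head *p;

    init_list_head(&r->rlist);
    if (!r->watch)              /* the missing check: a rule may have no watch */
        return 0;
    /* Assumed lookup: reuse a watch already registered for the same path. */
    for (p = master_watchlist.next; p != &master_watchlist; p = p->next) {
        struct watch *w = (struct watch *)((char *)p - offsetof(struct watch, mlist));
        if (strcmp(w->path, r->watch->path) != 0)
            continue;
        r->watch = w;
        list_add(&r->rlist, &w->rules);
        return 1;
    }
    /* First rule for this path: initialise the watch and register it. */
    init_list_head(&r->watch->rules);
    list_add(&r->rlist, &r->watch->rules);
    list_add(&r->watch->mlist, &master_watchlist);
    return 1;
}

int main(void)
{
    struct rule plain = { NULL, { NULL, NULL } };      /* constructed sample */
    printf("plain rule linked to a watch: %d\n", attach_rule(&plain));
    return 0;
}
```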