auditd hanging the system...
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Mar 24 17:52:05 UTC 2006
On Wed, 15 Mar 2006 09:30:34 EST, Steve Grubb said:
> On Tuesday 14 March 2006 18:06, Valdis.Kletnieks at vt.edu wrote:
> > Mar 14 18:02:09 turing-police kernel: [21744.040000] audit(0.000:267):
> > nargs=3 a0=4 a1=bfb7a4f8 a2=bfb7a4a0 Mar 14 18:02:10 turing-police last
> > message repeated 16 times
>
> I think I found the problem with time being 0.000. I'm still looking for the
> reason why so many of these were spit out.
Following up on this one...
1) The msg flood problem is still present in 2.6.16-mm1.
2) Your patch to set ctx->ctime isn't in 2.6.12-mm1, and does fix the 0.000 time
problem, but doesn't fix the msg flood problem.
3) It *does* seem related to the kernel throwing an AVC message - I'm only
using auditd to catch avc's at the moment....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20060324/6cfed9a5/attachment.sig>
More information about the Linux-audit
mailing list