WASP for Linux 7?
Margaret M Sanders
msanders at swri.org
Mon Dec 29 21:35:23 UTC 2014
Expertise:
Is there a WASP for Linux 7? What is the accepted and accredited security scanning app for Linux 7--is it SECSCN?
Thank you,
MS
SwRI
ISSO/ATA
-----Original Message-----
From: linux-audit-bounces at redhat.com [mailto:linux-audit-bounces at redhat.com] On Behalf Of Paul Moore
Sent: Monday, December 29, 2014 1:42 PM
To: Toralf Förster
Cc: linux-audit at redhat.com; linux Kernel
Subject: Re: v3.19-rc2: crashes during boot (syslog-ng, rpcbind ...)
On Monday, December 29, 2014 05:24:38 PM Toralf Förster wrote:
> On 12/29/2014 05:21 PM, Paul Moore wrote:
> > On Mon, Dec 29, 2014 at 11:07 AM, Toralf Förster wrote:
> >> A x86 KVM guest running at a 64 bit Gentoo hardened host system the
> >> following crashes appeared reproducible (screen shots attached.
> >>
> >> If I removed syslog-ng from the runlevel default, then the crash
> >> just appeared a little bit later at another subsystem>
> >
> > It looks like it doesn't like something in
> > audit_compare_dname_path(); I'll take a look and see what I can
> > find, there is a patch in -rc2 which touched some related code.
> >
> > I didn't see this problem in my earlier testing, can you share your
> > .config?
>
> ofc - attached
[NOTE: added linux-audit to the CC line, I should have done that earlier]
I believe I can reproduce this now; I'm seeing slightly different panics, but it is "close enough" and based on some quality time with the code I believe they are both symptoms of the same root cause.
To help verify that I'm heading down the right path, could you share your audit configuration as well? If that's not possible, can you at least confirm that you using a few audit directory watches?
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list