Auditd bug in 2.6.9 kernel

Aaron Lewis the.warl0ck.1989 at gmail.com
Mon Jan 13 01:16:14 UTC 2014


Hi,

I'm running auditd 1.0.16 (compiled manually) with the 2.6.9 kernel (RHEL4).

When I add a watch rule, e.g. auditctl -w /usr/bin, all 32-bit
programs get stuck:

$ strace /path/to/32bit_program
execve("XX", ["XX"], [/* 21 vars */]) = 0
[ Process PID=2901 runs in 32 bit mode. ]
uname(0xffffd880)                       = -1 EINTR (Interrupted system call)
open("/proc/sys/kernel/osrelease", O_RDONLY) = -1 EINTR (Interrupted system call)
writev(2, [{"", 0}], 1)                 = -1 EINTR (Interrupted system call)
_exit(1)

Any ideas? Looks like a kernel-side bug.

-- 
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33



