Auditd bug in 2.6.9 kernel

Aaron Lewis the.warl0ck.1989 at gmail.com
Mon Jan 13 03:43:16 UTC 2014


The issue isn't connected to any present rules.

I compiled auditd-1.0.16 with the rpmbuild --rebuild command; once
auditd is started, all 32-bit programs get stuck, and so does the
"ldd" script.

On Mon, Jan 13, 2014 at 9:16 AM, Aaron Lewis <the.warl0ck.1989 at gmail.com> wrote:
> Hi,
>
> I'm running auditd 1.0.16 (compiled manually) with 2.6.9 kernel (RHEL4)
>
> When I added a watch rule, e.g. auditctl -w /usr/bin, all 32-bit
> programs get stuck:
>
> $ strace /path/to/32bit_program
> execve("XX", ["XX"], [/* 21 vars */]) = 0
> [ Process PID=2901 runs in 32 bit mode. ]
> uname(0xffffd880)                       = -1 EINTR (Interrupted system call)
> open("/proc/sys/kernel/osrelease", O_RDONLY) = -1 EINTR (Interrupted
> system call)
> writev(2, [{"", 0}], 1)                 = -1 EINTR (Interrupted system call)
> _exit(1)
>
> Any ideas? Looks like a kernel-side bug.
>
> --
> Best Regards,
> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
> Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33



-- 
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33



