hwclock and audit system

Norman Gaywood norm at turing.une.edu.au
Fri Jul 29 05:37:11 UTC 2005 

This is FC4. I don't think /sbin/hwclock is doing anything useful on my
system. Anyone else seeing this?

[root at surrey ~]# hwclock --show
[root at surrey ~]#

[root at surrey ~]# strace -s50 hwclock --show
execve("/sbin/hwclock", ["hwclock", "--show"], [/* 25 vars */]) = 0
brk(0)                                  = 0x8f4b000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f0e000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=107489, ...}) = 0
old_mmap(NULL, 107489, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ef3000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\n\37[\0004\0\0\0\4\260\26\0\0\0\0\0004\0 \0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1489572, ...}) = 0
old_mmap(0x59d000, 1219548, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x59d000
old_mmap(0x6c1000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x6c1000
old_mmap(0x6c5000, 7132, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6c5000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef2000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ef26c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x6c1000, 8192, PROT_READ)     = 0
mprotect(0x599000, 4096, PROT_READ)     = 0
munmap(0xb7ef3000, 107489)              = 0
gettimeofday({1122614971, 844952}, NULL) = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = -1 EACCES (Permission denied)
write(2, "Error - unable to connect to audit system\n", 42) = 42
exit_group(77)                          = ?
[root at surrey ~]#


[root at surrey ~]# tail -3 /var/log/audit/audit.log
type=AVC msg=audit(1122615217.619:4364333): avc:  denied  { create } for pid=7432 comm="hwclock" scontext=root:system_r:hwclock_t tcontext=root:system_r:hwclock_t tclass=netlink_audit_socket
type=SYSCALL msg=audit(1122615217.619:4364333): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfb5cbc0 a2=80542e0 a3=599ca0 items=0 pid=7432 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 comm="hwclock" exe="/sbin/hwclock" type=SOCKETCALL msg=audit(1122615217.619:4364333): nargs=3 a0=10 a1=3 a2=9


[root at surrey ~]# service auditd status
auditd (pid 1565) is running...
[root at surrey ~]#


-- 
Norman Gaywood, Systems Administrator
School of Mathematics, Statistics and Computer Science
University of New England, Armidale, NSW 2351, Australia

norm at turing.une.edu.au            Phone: +61 (0)2 6773 2412
http://turing.une.edu.au/~norm    Fax:   +61 (0)2 6773 3312

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

More information about the fedora-list mailing list