System hangs using audit-0.9.9 (and few versions before)

Loulwa Salem loulwas at us.ibm.com
Tue Jun 21 21:11:47 UTC 2005


I had a problem with the system hanging while running a test case that 
exercises the boundary limits on path name and file name while inserting 
watches. This seemed to only occur on SMP machines. I also tried the 
test case on audit (0.9.4 -> 0.9.9) and it seemed to break on all those 
versions regardless of the kernel version running.

The system hung when attempting to stop audit after trying to insert a 
watch on a long filename (> NAME_MAX).

With audit 0.9.10 (and the latest kernel.65) the problem seemed to just 
go away. I am not sure what changed in the code to fix it, but I 
thought it would be good to report it in case someone encounters a 
similar problem again. Also, it would be nice if we knew what happened 
to fix it, or break it in the first place.

Thanks to Klaus for helping narrow the problem down.

To reproduce:
# /sbin/auditctl -w /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
-k good-key
 >> The base name of the path is too big

# /etc/init.d/auditd restart
 >> Stopping auditd:                                           [  OK  ]
 >> Starting auditd:                                           [  OK  ]

# /sbin/auditctl -w /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -k 
good-key
 >> The base name of the path is too big

# /etc/init.d/auditd restart
 >> Stopping auditd:                                           [  OK  ]
------ IT hangs here -------

-loulwa



