
Re: [patch] fix syscall speedup patch mips typo



Hi Steve,

We are starting to get problem reports with this patch. It appears that
nothing sets ctime when the event is started via an avc. The patch below
takes a stab at fixing this. Does it look correct?

I'm seeing this on my system running the .12 kernel and the 1.1.4 tools.
I'm seeing more than just the zero time and a bunch of SOCKETCALL
messages.  I also get a message of type UNKNOWN, more AVCs with the
same serial number and then the serial number increments and I get
a bunch more stuff.  See below.  What's type 1310?

-- ljk

type=USER_START msg=audit(1142413321.732:665): user pid=6451 uid=0 auid=0 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1142413321.732:666): user pid=6451 uid=0 auid=0 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=AVC msg=audit(0.000:667): avc: denied { read } for pid=6764 comm="perl" name="resolv.conf" dev=dm-0 ino=4523009 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=UNKNOWN[1310] msg=audit(0.000:667): success=yes exit=3 items=0 pid=6764 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s15:c0.c255
type=SOCKADDR msg=audit(0.000:667): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000000000000000029895600B4F75F00E4C6750948E18EBF3F7B500008C075098070830910A5770929895600F0AB8709F0AB870970688709BD785600A8CF8409B0CF840908000000B4F75F0058B179097300000048E08EBF
type=SOCKETCALL msg=audit(0.000:667): nargs=3 a0=3 a1=bf8edf6e a2=6e
type=SOCKETCALL msg=audit(0.000:667): nargs=3 a0=1 a1=1 a2=0
type=SOCKADDR msg=audit(0.000:667): saddr=01002F7661722F72756E2F6E7363642F736F636B6574006E5B0000000000000000002051AF0010000000201686091000000008C0750926A47709180000002C51AF00F43FAF002051AF002816860988DE8EBF6980A300FF7F0000281686090500000058DE8EBF10EA5C0020000000
type=SOCKETCALL msg=audit(0.000:667): nargs=3 a0=3 a1=bf8edde6 a2=6e
type=SOCKETCALL msg=audit(0.000:667): nargs=3 a0=1 a1=1 a2=0

(lots of stuff deleted..then more things with the same serial number)

type=AVC msg=audit(0.000:667): avc: denied { write } for pid=6764 comm="perl" laddr=16.116.96.237 lport=32773 faddr=16.64.64.51 fport=53 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tclass=udp_socket
type=AVC msg=audit(0.000:667): avc: denied { udp_send } for pid=6764 comm="perl" saddr=16.116.96.237 src=32773 daddr=16.64.64.51 dest=53 netif=eth0 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:netif_t:s0-s15:c0.c255 tclass=netif
type=AVC msg=audit(0.000:667): avc: denied { udp_send } for pid=6764 comm="perl" saddr=16.116.96.237 src=32773 daddr=16.64.64.51 dest=53 netif=eth0 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:node_t:s0-s15:c0.c255 tclass=node
type=AVC msg=audit(0.000:667): avc: denied { send_msg } for pid=6764 comm="perl" saddr=16.116.96.237 src=32773 daddr=16.64.64.51 dest=53 netif=eth0 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket
type=AVC msg=audit(0.000:667): avc: denied { sendto } for pid=6764 comm="perl" scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:unlabeled_t:s15:c0.c255 tclass=association
type=UNKNOWN[1310] msg=audit(0.000:667): success=yes exit=45 items=0 pid=6764 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s15:c0.c255
type=SOCKETCALL msg=audit(0.000:667): nargs=4 a0=3 a1=bf8ed730 a2=2d a3=0
type=AVC msg=audit(0.000:668): avc: denied { udp_recv } for pid=6443 comm="floaters" saddr=16.64.64.51 src=53 daddr=16.116.96.237 dest=32773 netif=eth0 scontext=system_u:system_r:logwatch_t:s0-s15:c0.c255 tcontext=system_u:object_r:netif_t:s0-s15:c0.c255 tclass=netif
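
Added example (not part of the original message, the patch, or the audit tools): a small checker that groups audit records by serial number and flags the symptoms reported above, namely a 0.000 timestamp and an UNKNOWN[n] record type. The function names and the shortened SAMPLE records are constructed for illustration.

```python
import re

# Every audit record starts with: type=NAME msg=audit(SECONDS.MILLIS:SERIAL):
HEADER = re.compile(r'\btype=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):')

def parse_records(text):
    """Yield (type, timestamp_ms, serial) per record header, including
    records that were run together on a single line."""
    for m in HEADER.finditer(text):
        rtype, sec, ms, serial = m.groups()
        yield rtype, int(sec) * 1000 + int(ms), int(serial)

def summarize(text):
    """Group records into events keyed by serial, in order of appearance."""
    events = {}
    for rtype, ts, serial in parse_records(text):
        ev = events.setdefault(serial, {"types": [], "stamps": set()})
        ev["types"].append(rtype)
        ev["stamps"].add(ts)
    return events

def find_anomalies(text):
    """Return (serial, finding) pairs for events that look malformed."""
    findings = []
    for serial, ev in summarize(text).items():
        if 0 in ev["stamps"]:
            # The event time was never filled in for this event.
            findings.append((serial, "zero-timestamp"))
        if len(ev["stamps"]) > 1:
            # Records of one event should all carry the same timestamp.
            findings.append((serial, "mixed-timestamps"))
        for t in sorted({t for t in ev["types"] if t.startswith("UNKNOWN[")}):
            # The log reader had no name for this numeric record type.
            findings.append((serial, "unrecognized-type " + t))
    return findings

# Constructed sample, shortened from the records quoted in the message.
SAMPLE = (
    'type=CRED_ACQ msg=audit(1142413321.732:666): user pid=6451 uid=0\n'
    'type=AVC msg=audit(0.000:667): avc: denied { read } for pid=6764 '
    'type=UNKNOWN[1310] msg=audit(0.000:667): success=yes exit=3 items=0\n'
    'type=SOCKETCALL msg=audit(0.000:667): nargs=3 a0=1 a1=1 a2=0\n'
    'type=AVC msg=audit(0.000:668): avc: denied { udp_recv } for pid=6443\n'
)

if __name__ == "__main__":
    for serial, finding in find_anomalies(SAMPLE):
        print(serial, finding)
```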