On Wed, 2004-10-27 at 13:24, Stephen Smalley wrote:
On Wed, 2004-10-27 at 13:13, Barry Roomberg wrote:
I'm running Fedora Core 2 Kernel: 2.6.5-1.358 I'm logging activity in a directory (thanks Stephen).
I occasionally get what look like to be truncated log entries such as:
Oct 27 11:24:21 mstoppel1 kernel: audit(1098890661.257:8894633): avc: granted { read } for pid=17834 exed=500 fsuid=500 egid=500 sgid=500 fsgid=500
"exed=500" ???
also: Oct 27 11:26:47 mstoppel1 kernel: =500 fsgid=500
Any idea why? They are rare and interspersed with good entries.
/me guesses that the kernel audit framework isn't SMP-safe. Is anyone at RedHat looking into this? It was already bugzilla'd by Tom London.
I want to verify that people have only seen this issue on SMP systems.
I can work with Dan on getting a test together to try and reproduce the problem.
Regards,
Peter