On Monday, December 29, 2014 09:18:44 PM Toralf Förster wrote:
On 12/29/2014 08:41 PM, Paul Moore wrote:
> To help verify that I'm heading down the right path, could you share your
> audit configuration as well? If that's not possible, can you at least
> confirm that you using a few audit directory watches?
Well, it is just a victim system for trinity - but I did not configured
auditd in a special manner - so it is just the plain default configuration
of Gentoo:
Okay, thanks for the information; the file related syscall watches are likely
what triggered the problem code. Until I've got the fix sorted out, removing
the syscall watches or just disabling auditd from starting at boot should
workaround the problem.
--
paul moore
www.paul-moore.com