On 11/07/2013 09:05 AM, Steve Grubb wrote:
> I am confused. This is the abnormal end event I have:
> type=ANOM_ABEND msg=audit(1303339663.307:142): auid=4325 uid=0 gid=0 ses=1
> subj=unconfined_u:unconfined_r:unconfined_t:s0 pid=3775 comm="aureport" sig=11
> Why / when did we start adding text explanations? We should not do that. We
> didn't have it before and it should not have been added. The signal number is
> enough to identify the problem.
> If we did need a reason= field, all these strings with spaces will get
> separated on parsing. They should be like "memory-violation" or
> "received-abort". And would it be better to hide this in the audit_log_abend
> function? I honestly don't understand why this was added.
> -Steve
Whoops; looks like I jumped the gun. I also have the same results:
node=test1 type=ANOM_ABEND msg=audit(1383674813.174:5025253):
auid=4294967295 uid=0 gid=0 ses=4294967295
subj=system_u:system_r:xserver_t:s0-s15:c0.c1023 pid=5537 comm="X" sig=6
It looked like it would add value at first read.
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
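
The parsing concern raised in the thread, as an added example that is not part of either message and not the audit project's code: a simplified whitespace tokenizer (an assumption, not auparse) run over the first ANOM_ABEND record above and over two constructed variants carrying a hypothetical reason= field, plus the sig= lookup that makes the text redundant.

```python
import signal

# First record from the thread, joined onto one line.
ABEND = ('type=ANOM_ABEND msg=audit(1303339663.307:142): auid=4325 uid=0 gid=0 '
         'ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0 pid=3775 '
         'comm="aureport" sig=11')

# Constructed variants: the same record with a hypothetical reason= field.
WITH_SPACES = ABEND + ' reason=memory violation'
WITH_HYPHEN = ABEND + ' reason=memory-violation'


def parse_record(line):
    """Split on whitespace and keep name=value tokens.

    Returns (fields, stray), where stray holds tokens that are not
    name=value pairs, i.e. text that fell out of a field.
    """
    fields, stray = {}, []
    for token in line.split():
        name, sep, value = token.partition("=")
        if sep and name.isidentifier():
            fields[name] = value.strip('"')
        else:
            stray.append(token)
    return fields, stray


def signal_name(fields):
    """Turn the numeric sig= field into a symbolic name at report time."""
    number = int(fields["sig"])
    try:
        return signal.Signals(number).name
    except ValueError:
        return "SIG?(%d)" % number


if __name__ == "__main__":
    for label, line in (("original", ABEND),
                        ("reason with space", WITH_SPACES),
                        ("reason hyphenated", WITH_HYPHEN)):
        fields, stray = parse_record(line)
        print(label, signal_name(fields), fields.get("reason"), stray)
```
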