Steve Grubb wrote:
You might try 0.9.11 and see if that solves your problem. There are some
variances in kernels that cause netlink to behave strangely - which is why
I've had so many iterations trying to solve the user's can't login problem. I
think 0.9.11 finally solves that problem.
I am on an SMP x86_64 platform (kernel .65)
I tried the 0.9.11 audit ... and it hung (waited on it for 7.5 minutes
but I was able to do ctrl-z to stop the test) ... however I believe the
run left the system in an unstable state considering it wouldn't respond
to a reboot command, and had to be force rebooted anyway. Before I
rebooted .. I got this ps -ef | grep audit output:
root 2311 11 0 18:38 ? 00:00:00 [kauditd]
root 3000 2946 0 18:40 pts/1 00:00:00 /bin/bash /etc/rc.d/init.d/auditd stop
root 3008 3000 99 18:40 pts/1 00:01:17 /sbin/auditctl -D
root 3009 13 19 18:40 ? 00:00:14 [audit_list_rule]
root 3017 2899 0 18:41 pts/0 00:00:00 grep audit
I went back to the 0.9.10 version and it worked but slowly ... I did end
up with a lot of hanging processes regarding [audit_list_watch] and
[audit_list_rules] ... When I tried to do kill -9 on any of those
processes ... it didn't have any effect.
Sample (ps -ef | grep audit). Notice auditd isn't even running:
root 2311 11 0 18:38 ? 00:00:00 [kauditd]
root 3008 1 99 18:40 pts/1 00:07:00 /sbin/auditctl -D
root 3009 13 25 18:40 ? 00:01:49 [audit_list_rule]
root 3048 11 0 18:43 ? 00:00:00 [audit_list_rule]
root 3049 13 0 18:43 ? 00:00:00 [audit_list_watc]
root 3050 13 0 18:43 ? 00:00:00 [audit_list_rule]
root 3051 11 0 18:43 ? 00:00:00 [audit_list_watc]
.....
root 3820 13 0 18:46 ? 00:00:00 [audit_list_rule]
root 3821 11 0 18:46 ? 00:00:00 [audit_list_watc]
root 3826 2899 0 18:47 pts/0 00:00:00 grep audit
- Loulwa