The issue isn't connected to any present rules.
I compiled auditd-1.0.16 with rpmbuild --rebuild command, once the
auditd gets started,
all 32 bit program stuck, and so does "ldd" script.
On Mon, Jan 13, 2014 at 9:16 AM, Aaron Lewis <the.warl0ck.1989(a)gmail.com> wrote:
Hi,
I'm running auditd 1.0.16 (compiled manually) with 2.6.9 kernel (RHEL4)
When I added a watch rule, e.g auditctl -w /usr/bin, all 32bit
programs get stuck:
$ strace /path/to/32bit_program
execve("XX", ["XX"], [/* 21 vars */]) = 0
[ Process PID=2901 runs in 32 bit mode. ]
uname(0xffffd880) = -1 EINTR (Interrupted system call)
open("/proc/sys/kernel/osrelease", O_RDONLY) = -1 EINTR (Interrupted
system call)
writev(2, [{"", 0}], 1) = -1 EINTR (Interrupted system call)
_exit(1)
Any ideas? Looks like a kernel-side bug.
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 -
http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 -
http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33