Bug 476798
Summary: | "auditd -n" does not work | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Harald Hoyer <harald> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | sgrubb |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-07-26 17:48:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Harald Hoyer
2008-12-17 07:35:41 UTC
/var/log/messages: Cannot daemonize (Operation not permitted) I believe this is because /dev/null may not exist yet. So, I instrumented the audit daemon to output a little more info about why it cannot daemonize. Please give the package here a try: http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm Let me know what you find in syslog. (In reply to comment #2) > I believe this is because /dev/null may not exist yet. hmm, no, this was tried from upstart and tried from shell. > So, I instrumented the > audit daemon to output a little more info about why it cannot daemonize. Please > give the package here a try: > > http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm > > Let me know what you find in syslog. Dec 17 14:36:08 harryh kernel: audit(1229520968.001:239): audit_pid=0 old=495 auid=500 ses=1 subj=unconfined_u:system_r:auditd_t:s0 res=1 Dec 17 14:36:11 harryh auditd: Cannot changed session id Dec 17 14:36:11 harryh auditd: Cannot daemonize (Operation not permitted) Dec 17 14:36:11 harryh auditd: The audit daemon is exiting. OK, that shows me what the problem is. It fails setsid() due to already being a session leader. I'll patch up the audit daemon and push it through the build system. new audit packages can be found here: http://koji.fedoraproject.org/koji/buildinfo?buildID=75101 Thanks for reporting the problem. Thanks! That was quick :) Closing out since bug appears to be fixed long ago. |