This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 476798 - "auditd -n" does not work
"auditd -n" does not work
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: audit (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Steve Grubb
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-17 02:35 EST by Harald Hoyer
Modified: 2009-07-26 13:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-26 13:48:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Harald Hoyer 2008-12-17 02:35:41 EST
Starting auditd from upstart/inittab with "/sbin/auditd -n" does not work.
auditd bails out, complaining, that it is not allowed to fork :)
Comment 1 Harald Hoyer 2008-12-17 02:38:06 EST
/var/log/messages:

Cannot daemonize (Operation not permitted)
Comment 2 Steve Grubb 2008-12-17 07:02:11 EST
I believe this is because /dev/null may not exist yet. So, I instrumented the audit daemon to output a little more info about why it cannot daemonize. Please give the package here a try:

http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm

Let me know what you find in syslog.
Comment 3 Harald Hoyer 2008-12-17 08:36:46 EST
(In reply to comment #2)
> I believe this is because /dev/null may not exist yet. 

hmm, no, this was tried from upstart and tried from shell.

> So, I instrumented the
> audit daemon to output a little more info about why it cannot daemonize. Please
> give the package here a try:
> 
> http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm
> 
> Let me know what you find in syslog.

Dec 17 14:36:08 harryh kernel: audit(1229520968.001:239): audit_pid=0 old=495 auid=500 ses=1 subj=unconfined_u:system_r:auditd_t:s0 res=1
Dec 17 14:36:11 harryh auditd: Cannot changed session id
Dec 17 14:36:11 harryh auditd: Cannot daemonize (Operation not permitted)
Dec 17 14:36:11 harryh auditd: The audit daemon is exiting.
Comment 4 Steve Grubb 2008-12-17 09:12:11 EST
OK, that shows me what the problem is. It fails setsid() due to already being a session leader. I'll patch up the audit daemon and push it through the build system.
Comment 5 Steve Grubb 2008-12-17 10:19:10 EST
new audit packages can be found here:

http://koji.fedoraproject.org/koji/buildinfo?buildID=75101

Thanks for reporting the problem.
Comment 6 Harald Hoyer 2008-12-17 10:23:54 EST
Thanks! That was quick :)
Comment 7 Steve Grubb 2009-07-26 13:48:04 EDT
Closing out since bug appears to be fixed long ago.

Note You need to log in before you can comment on or make changes to this bug.