Bug 476798 - "auditd -n" does not work
Summary: "auditd -n" does not work
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: audit
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Steve Grubb
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-12-17 07:35 UTC by Harald Hoyer
Modified: 2009-07-26 17:48 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-26 17:48:04 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Harald Hoyer 2008-12-17 07:35:41 UTC
Starting auditd from upstart/inittab with "/sbin/auditd -n" does not work.
auditd bails out, complaining, that it is not allowed to fork :)

Comment 1 Harald Hoyer 2008-12-17 07:38:06 UTC
/var/log/messages:

Cannot daemonize (Operation not permitted)

Comment 2 Steve Grubb 2008-12-17 12:02:11 UTC
I believe this is because /dev/null may not exist yet. So, I instrumented the audit daemon to output a little more info about why it cannot daemonize. Please give the package here a try:

http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm

Let me know what you find in syslog.

Comment 3 Harald Hoyer 2008-12-17 13:36:46 UTC
(In reply to comment #2)
> I believe this is because /dev/null may not exist yet. 

hmm, no, this was tried from upstart and tried from shell.

> So, I instrumented the
> audit daemon to output a little more info about why it cannot daemonize. Please
> give the package here a try:
> 
> http://people.redhat.com/sgrubb/files/audit-1.7.11-1.src.rpm
> 
> Let me know what you find in syslog.

Dec 17 14:36:08 harryh kernel: audit(1229520968.001:239): audit_pid=0 old=495 auid=500 ses=1 subj=unconfined_u:system_r:auditd_t:s0 res=1
Dec 17 14:36:11 harryh auditd: Cannot changed session id
Dec 17 14:36:11 harryh auditd: Cannot daemonize (Operation not permitted)
Dec 17 14:36:11 harryh auditd: The audit daemon is exiting.

Comment 4 Steve Grubb 2008-12-17 14:12:11 UTC
OK, that shows me what the problem is. It fails setsid() due to already being a session leader. I'll patch up the audit daemon and push it through the build system.

Comment 5 Steve Grubb 2008-12-17 15:19:10 UTC
new audit packages can be found here:

http://koji.fedoraproject.org/koji/buildinfo?buildID=75101

Thanks for reporting the problem.

Comment 6 Harald Hoyer 2008-12-17 15:23:54 UTC
Thanks! That was quick :)

Comment 7 Steve Grubb 2009-07-26 17:48:04 UTC
Closing out since bug appears to be fixed long ago.


Note You need to log in before you can comment on or make changes to this bug.