Re: auditd shutdown issue - Bill O'Donnell

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Bill O'Donnell" <billodo@sgi.com>
To: linux-audit@redhat.com
Subject: Re: auditd shutdown issue
Date: Mon, 7 May 2007 10:56:55 -0500	[thread overview]
Message-ID: <20070507155655.GA18147@sgi.com> (raw)
In-Reply-To: <20070507151806.GA17862@sgi.com>

whoops, forgot the rest of the output:
---------------
Stopping yum-updatesd: [  OK  ]
Stopping anacron: [  OK  ]
Stopping atd: [  OK  ]
Stopping cups: [  OK  ]
Stopping hpiod: [  OK  ]
Stopping hpssd: [  OK  ]
Shutting down xfs: [  OK  ]
Shutting down console mouse services: [  OK  ]
Stopping sshd: [  OK  ]
Shutting down sm-client: [  OK  ]
Shutting down sendmail: [  OK  ]

/etc/rc0.d/K50esp: line 109: [: localhost: binary operator expected
Stopping acpi daemon: [  OK  ]
Stopping crond: [  OK  ]
Shutting down RPC idmapd: [  OK  ]
Stopping autofs:  Stopping automount: [  OK  ]
[  OK  ]
Stopping system message bus: [  OK  ]
Stopping NFS statd: [  OK  ]
Stopping mcstransd: [  OK  ]
Stopping portmap: [  OK  ]
Stopping auditd:audit(1178276231.766:704): avc:  denied  { write } for
pid=2911
 comm="auditd" name="log" dev=tmpfs ino=10195
scontext=system_u:system_r:auditd_
t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file
 audit(1178276231.766:705): audit_pid=0 old=ystem_r:klogd_t:s0 key=(null)
 <5>audit("log" dev=tmpfs ino==(>audit(1178276231.850:1364): avc:  deniite }
for
 pid=3501 comm="klogd" name="ltmpfs ino=10195 scontext=system_u:system_t:s0
tcon
text=system_u:object_r:devicelass=sock_file
<5>audit(1178276231.891:rch=c000003e syscall=42 success=no exit1
a1=55555575b960
 a2=a a3=7fff7d41b1f3 ppid=1 pid=3501 auid=4294967295 uid=0 gi=0 suid=0
fsuid=0
egid=0 sgid=0 fsgid=0 e) comm="klogd" exe="/sbin/klogd"
subj=:system_r:klogd_t:s
0 key=(null)
<5>audi6231.963:4203): avc:  denied  { write }d=3501 comm="klogd" name="log"
dev
=tmpf195
scontext=system_u:system_r:klogd_t:sxt=system_u:object_r:device_t:s0 tc
lass=e
<5>audit(1178276232.004:5235): arch= syscall=42 success=no exit=-13 a0=1
a15b960
 a2=a a3=7fff7d41b1f3 items=0 ppid501 auid=4294967295 uid=0 gid=0 euid=0
suid=0
egid=0 sgid=0 fsgid=0 tty=(none) cgd" exe="/sbin/klogd"
subj=system_u:sysogd_t:s
0 key=(null)
<5>audit(11782762342): avc:  denied  { write } for  pid=35"klogd" name="log"
dev
=tmpfs ino=10195 =system_u:system_r:klogd_t:s0
tcontext=sobject_r:device_t:s0 tc
lass=sock_file
(1178276232.117:8074): arch=c000003e syssuccess=no exit=-13 a0=1
a1=55555575b963
=7fff7d41b1f3 items=0 ppid=1 pid=3501 4967295 uid=0 gid=0 euid=0 suid=0
fsuid= s
gid=0 fsgid=0 tty=(none) comm="klogd" in/klogd"
subj=system_u:system_r:klogd_=(n
ull)
<5>audit(1178276232.179:9623): nied  { write } for  pid=3501
comm="klogd41b1f3 i
tems=0 ppid=1 pid=3501 auid=42967295 uid=0 gid=0 euid=0 suid=0 fsuid=0gid=0
sgid
=0 fsgid=0 tty=(none) comm="kgd" exe="/sbin/klogd"
subj=system_u:sysm_r:klogd_t:
s0 key=(null)
<5>audit(11786232.251:11424): avc:  denied  { write }or  pid=3501
comm="klogd" n
ame="log" detmpfs ino=10195 scontext=system_u:syster:klogd_t:s0
tcontext=system_
u:object_r:vice_t:s0 tclass=sock_file
<5>audit(18276232.302:12709): arch=c000003e syscall2 success=no exit=-13
a0=1 a1
.
.

next prev parent reply	other threads:[~2007-05-07 15:54 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-07 15:18 auditd shutdown issue Bill O'Donnell
2007-05-07 15:56 ` Bill O'Donnell [this message]
2007-05-07 16:12   ` Steve Grubb
2007-05-07 16:38     ` Bill O'Donnell
2007-05-07 17:10       ` Steve Grubb

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070507155655.GA18147@sgi.com \
    --to=billodo@sgi.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.