* 2.6.25 Kernel - Problems with capabilities
@ 2008-04-19 18:43 David
[not found] ` <1208676743.4763.10.camel@marge.simson.net>
0 siblings, 1 reply; 19+ messages in thread
From: David @ 2008-04-19 18:43 UTC (permalink / raw)
To: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 383 bytes --]
I'm wondering if anyone might be able to help with a capability problem
I've noticed with .25 My ntp daemon will no longer run as any non-root
user, and after some investigation it seems that calls to prctl() are
failing.
CONFIG_SECURITY_CAPABILITIES=y , so this should work?
System is 32 bit x86 based on a venerable SuSE 9.1 distro.
Full .config is attached.
Thanks
David
[-- Attachment #2: .config --]
[-- Type: application/x-config, Size: 61674 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
[not found] ` <1208676743.4763.10.camel@marge.simson.net>
@ 2008-04-20 14:09 ` David
2008-04-20 17:15 ` Casey Schaufler
2008-04-20 22:21 ` Andrew Morton
0 siblings, 2 replies; 19+ messages in thread
From: David @ 2008-04-20 14:09 UTC (permalink / raw)
To: Mike Galbraith, Linux Kernel Mailing List
Mike Galbraith wrote:
> On Sat, 2008-04-19 at 19:43 +0100, David wrote:
>
>> I'm wondering if anyone might be able to help with a capability problem
>> I've noticed with .25 My ntp daemon will no longer run as any non-root
>> user, and after some investigation it seems that calls to prctl() are
>> failing.
>>
>> CONFIG_SECURITY_CAPABILITIES=y , so this should work?
>>
>> System is 32 bit x86 based on a venerable SuSE 9.1 distro.
>>
>> Full .config is attached.
>>
>> Thanks
>> David
>>
>>
>>
>
> FWIW, ntpd runs just fine here as user ntp on both my P4 and Q6600 boxen
> with opensuse 10.3.
>
> marge:..tmp/linux-2.6.25 # grep SECUR .config
> CONFIG_EXT2_FS_SECURITY=y
> CONFIG_EXT3_FS_SECURITY=y
> CONFIG_EXT4DEV_FS_SECURITY=y
> CONFIG_SECURITY=y
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_NETWORK_XFRM=y
> CONFIG_SECURITY_CAPABILITIES=y
> CONFIG_SECURITY_FILE_CAPABILITIES=y
> CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
> # CONFIG_SECURITY_SELINUX is not set
> marge:..tmp/linux-2.6.25 # grep SECUR /xx
> CONFIG_EXT2_FS_SECURITY=y
> CONFIG_EXT3_FS_SECURITY=y
> CONFIG_REISERFS_FS_SECURITY=y
> # CONFIG_XFS_SECURITY is not set
> CONFIG_SECURITY=y
> CONFIG_SECURITY_NETWORK=y
> # CONFIG_SECURITY_NETWORK_XFRM is not set
> CONFIG_SECURITY_CAPABILITIES=y
> # CONFIG_SECURITY_FILE_CAPABILITIES is not set
> # CONFIG_SECURITY_ROOTPLUG is not set
> CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
>
> I notice I have CONFIG_SECURITY_FILE_CAPABILITIES set, and you don't. I
> have not even the foggiest clue whether that has anything to do with the
> price of tea in china though :)
>
I've just set
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_SECURITY_NETWORK_XFRM=y
to no avail.. I still get
20 Apr 15:04:20 ntpd[15694]: cap_set_proc() failed to drop root
privileges: Invalid argument
after rebuild & reboot. No massive deal, I'll just run ntpd as root for
now, but there's definitely something funny going on.
Cheers
David
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 14:09 ` David
@ 2008-04-20 17:15 ` Casey Schaufler
2008-04-20 17:29 ` David
2008-04-20 22:21 ` Andrew Morton
1 sibling, 1 reply; 19+ messages in thread
From: Casey Schaufler @ 2008-04-20 17:15 UTC (permalink / raw)
To: David, Mike Galbraith, Linux Kernel Mailing List
--- David <david@unsolicited.net> wrote:
> Mike Galbraith wrote:
> > On Sat, 2008-04-19 at 19:43 +0100, David wrote:
> >
> >> I'm wondering if anyone might be able to help with a capability problem
> >> I've noticed with .25 My ntp daemon will no longer run as any non-root
> >> user, and after some investigation it seems that calls to prctl() are
> >> failing.
Do you have a libcap that reflects the change from 32 capabilities
to 64? You'll be looking for libcap.so.2.06 or thereabouts.
Casey Schaufler
casey@schaufler-ca.com
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 17:15 ` Casey Schaufler
@ 2008-04-20 17:29 ` David
2008-04-20 19:08 ` Andi Kleen
2008-04-21 0:00 ` serge
0 siblings, 2 replies; 19+ messages in thread
From: David @ 2008-04-20 17:29 UTC (permalink / raw)
To: casey; +Cc: Mike Galbraith, Linux Kernel Mailing List
Casey Schaufler wrote:
> Do you have a libcap that reflects the change from 32 capabilities
> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
>
Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm now
running normally, thanks!
Was this userspace visible change planned in advance for 2.6.25 ? ... as
I guess a few other people with venerable old userspace components may
come across this issue.
Cheers
David
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 17:29 ` David
@ 2008-04-20 19:08 ` Andi Kleen
2008-04-20 22:04 ` Casey Schaufler
2008-04-21 0:00 ` serge
1 sibling, 1 reply; 19+ messages in thread
From: Andi Kleen @ 2008-04-20 19:08 UTC (permalink / raw)
To: David; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List
David <david@unsolicited.net> writes:
> Casey Schaufler wrote:
>> Do you have a libcap that reflects the change from 32 capabilities
>> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
>>
> Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm
> now running normally, thanks!
FWIW I ran into this problem too with systemtap. It was a quite
nasty surprise and took some time to track down.
I also don't remember seeing a thread about this on l-k. Where was this
major binary breakage discussed?
-Andi
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 19:08 ` Andi Kleen
@ 2008-04-20 22:04 ` Casey Schaufler
2008-04-20 22:36 ` Andi Kleen
0 siblings, 1 reply; 19+ messages in thread
From: Casey Schaufler @ 2008-04-20 22:04 UTC (permalink / raw)
To: Andi Kleen, David; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List
--- Andi Kleen <andi@firstfloor.org> wrote:
> David <david@unsolicited.net> writes:
>
> > Casey Schaufler wrote:
> >> Do you have a libcap that reflects the change from 32 capabilities
> >> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
> >>
> > Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm
> > now running normally, thanks!
>
> FWIW I ran into this problem too with systemtap. It was a quite
> nasty surprise and took some time to track down.
>
> I also don't remember seeing a thread about this on l-k. Where was this
> major binary breakage discussed?
lkml and lsm.
Casey Schaufler
casey@schaufler-ca.com
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 14:09 ` David
2008-04-20 17:15 ` Casey Schaufler
@ 2008-04-20 22:21 ` Andrew Morton
1 sibling, 0 replies; 19+ messages in thread
From: Andrew Morton @ 2008-04-20 22:21 UTC (permalink / raw)
To: David
Cc: efault, linux-kernel, Andrew G. Morgan, linux-security-module,
Serge E. Hallyn
(cc's added)
> On Sun, 20 Apr 2008 15:09:11 +0100 David <david@unsolicited.net> wrote:
> Mike Galbraith wrote:
> > On Sat, 2008-04-19 at 19:43 +0100, David wrote:
> >
> >> I'm wondering if anyone might be able to help with a capability problem
> >> I've noticed with .25 My ntp daemon will no longer run as any non-root
> >> user, and after some investigation it seems that calls to prctl() are
> >> failing.
> >>
> >> CONFIG_SECURITY_CAPABILITIES=y , so this should work?
> >>
> >> System is 32 bit x86 based on a venerable SuSE 9.1 distro.
> >>
> >> Full .config is attached.
> >>
> >> Thanks
> >> David
> >>
> >>
> >>
> >
> > FWIW, ntpd runs just fine here as user ntp on both my P4 and Q6600 boxen
> > with opensuse 10.3.
> >
> > marge:..tmp/linux-2.6.25 # grep SECUR .config
> > CONFIG_EXT2_FS_SECURITY=y
> > CONFIG_EXT3_FS_SECURITY=y
> > CONFIG_EXT4DEV_FS_SECURITY=y
> > CONFIG_SECURITY=y
> > CONFIG_SECURITY_NETWORK=y
> > CONFIG_SECURITY_NETWORK_XFRM=y
> > CONFIG_SECURITY_CAPABILITIES=y
> > CONFIG_SECURITY_FILE_CAPABILITIES=y
> > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
> > # CONFIG_SECURITY_SELINUX is not set
> > marge:..tmp/linux-2.6.25 # grep SECUR /xx
> > CONFIG_EXT2_FS_SECURITY=y
> > CONFIG_EXT3_FS_SECURITY=y
> > CONFIG_REISERFS_FS_SECURITY=y
> > # CONFIG_XFS_SECURITY is not set
> > CONFIG_SECURITY=y
> > CONFIG_SECURITY_NETWORK=y
> > # CONFIG_SECURITY_NETWORK_XFRM is not set
> > CONFIG_SECURITY_CAPABILITIES=y
> > # CONFIG_SECURITY_FILE_CAPABILITIES is not set
> > # CONFIG_SECURITY_ROOTPLUG is not set
> > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
> >
> > I notice I have CONFIG_SECURITY_FILE_CAPABILITIES set, and you don't. I
> > have not even the foggiest clue whether that has anything to do with the
> > price of tea in china though :)
> >
> I've just set
>
> CONFIG_SECURITY_FILE_CAPABILITIES=y
> CONFIG_SECURITY_NETWORK_XFRM=y
>
> to no avail.. I still get
>
>
> 20 Apr 15:04:20 ntpd[15694]: cap_set_proc() failed to drop root
> privileges: Invalid argument
>
> after rebuild & reboot. No massive deal, I'll just run ntpd as root for
> now, but there's definitely something funny going on.
>
> Cheers
> David
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 22:04 ` Casey Schaufler
@ 2008-04-20 22:36 ` Andi Kleen
0 siblings, 0 replies; 19+ messages in thread
From: Andi Kleen @ 2008-04-20 22:36 UTC (permalink / raw)
To: Casey Schaufler
Cc: Andi Kleen, David, Mike Galbraith, Linux Kernel Mailing List
> lkml and lsm.
Can you be more exact please? I skimmed the last 1k messages in the
lsm archive and there was nothing standing out.
-Andi
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-20 17:29 ` David
2008-04-20 19:08 ` Andi Kleen
@ 2008-04-21 0:00 ` serge
2008-04-21 0:44 ` Andrew Morgan
2008-04-21 7:01 ` David R
1 sibling, 2 replies; 19+ messages in thread
From: serge @ 2008-04-21 0:00 UTC (permalink / raw)
To: David; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List, Andrew Morgan
Quoting David (david@unsolicited.net):
> Casey Schaufler wrote:
>> Do you have a libcap that reflects the change from 32 capabilities
>> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
>>
> Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm now
> running normally, thanks!
I don't understand why, though. Looking at the ntpd code (ntp-4.2.4p4)
it just does a cap_set_proc(cap_from_text("X=epi")); It should simply
be sending in the _LINUX_CAPABILITY_VERSION which shipped with libcap,
which should have been _V1, and the kernel should honor that so long as
you didn't try to send in caps > 31, which ntpd wasn't.
> Was this userspace visible change planned in advance for 2.6.25 ? ... as I
> guess a few other people with venerable old userspace components may come
> across this issue.
>
> Cheers
> David
It's been in the works a long time and we thought we'd done pretty
well with backward compatibility. I really don't see why you had
that failure!
Do you know which version of libcap you had before?
thanks,
-serge
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 0:00 ` serge
@ 2008-04-21 0:44 ` Andrew Morgan
2008-04-21 7:20 ` David R
2008-04-21 7:01 ` David R
1 sibling, 1 reply; 19+ messages in thread
From: Andrew Morgan @ 2008-04-21 0:44 UTC (permalink / raw)
To: serge, David; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
serge@hallyn.com wrote:
| Quoting David (david@unsolicited.net):
|> Casey Schaufler wrote:
|>> Do you have a libcap that reflects the change from 32 capabilities
|>> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
|>>
|> Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm now
|> running normally, thanks!
|
| I don't understand why, though. Looking at the ntpd code (ntp-4.2.4p4)
| it just does a cap_set_proc(cap_from_text("X=epi")); It should simply
| be sending in the _LINUX_CAPABILITY_VERSION which shipped with libcap,
| which should have been _V1, and the kernel should honor that so long as
| you didn't try to send in caps > 31, which ntpd wasn't.
|
|> Was this userspace visible change planned in advance for 2.6.25 ? ...
as I
|> guess a few other people with venerable old userspace components may
come
|> across this issue.
|>
|> Cheers
|> David
|
| It's been in the works a long time and we thought we'd done pretty
| well with backward compatibility. I really don't see why you had
| that failure!
I'm confused (and somewhat concerned) about this too. 32-bit capability
apps should act fine. The only thing you might notice is a strange
comment about it in /var/log/messages.
David, can you run strace on the failing program (configuration)?
[I'll see if I can read the complete thread on one of the archives and
see if anything else sticks out.]
Thanks
Andrew
|
| Do you know which version of libcap you had before?
|
| thanks,
| -serge
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIC+NP+bHCR3gb8jsRAjunAKDXe/fDfwIJWi6wgtpdxZefbRq5SACffb1+
pQNi1C/8PPGWYpUXFxizUuI=
=LHl0
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 0:00 ` serge
2008-04-21 0:44 ` Andrew Morgan
@ 2008-04-21 7:01 ` David R
2008-04-21 18:34 ` serge
1 sibling, 1 reply; 19+ messages in thread
From: David R @ 2008-04-21 7:01 UTC (permalink / raw)
To: serge; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List, Andrew Morgan
Quoting serge@hallyn.com:
> Quoting David (david@unsolicited.net):
>> Casey Schaufler wrote:
>>> Do you have a libcap that reflects the change from 32 capabilities
>>> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
>>>
>> Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm now
>> running normally, thanks!
>
> I don't understand why, though. Looking at the ntpd code (ntp-4.2.4p4)
> it just does a cap_set_proc(cap_from_text("X=epi")); It should simply
> be sending in the _LINUX_CAPABILITY_VERSION which shipped with libcap,
> which should have been _V1, and the kernel should honor that so long as
> you didn't try to send in caps > 31, which ntpd wasn't.
>
>> Was this userspace visible change planned in advance for 2.6.25 ? ... as I
>> guess a few other people with venerable old userspace components may come
>> across this issue.
>>
>> Cheers
>> David
>
> It's been in the works a long time and we thought we'd done pretty
> well with backward compatibility. I really don't see why you had
> that failure!
>
> Do you know which version of libcap you had before?
/lib/libcap.so.1 -> libcap.so.1.92
I guess that's 1.92 (should be the version shipped with SuSE 9.1).
Cheers
David
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 0:44 ` Andrew Morgan
@ 2008-04-21 7:20 ` David R
0 siblings, 0 replies; 19+ messages in thread
From: David R @ 2008-04-21 7:20 UTC (permalink / raw)
To: Andrew Morgan; +Cc: serge, casey, Mike Galbraith, Linux Kernel Mailing List
Quoting Andrew Morgan <morgan@kernel.org>:
> David, can you run strace on the failing program (configuration)?
I'll not be able to do that 'till this evening (GMT+1), but will post
an strace then.
Cheers
David
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 7:01 ` David R
@ 2008-04-21 18:34 ` serge
2008-04-21 18:48 ` David
0 siblings, 1 reply; 19+ messages in thread
From: serge @ 2008-04-21 18:34 UTC (permalink / raw)
To: David R
Cc: serge, casey, Mike Galbraith, Linux Kernel Mailing List,
Andrew Morgan
Quoting David R (david@unsolicited.net):
> Quoting serge@hallyn.com:
>
> > Quoting David (david@unsolicited.net):
> >> Casey Schaufler wrote:
> >>> Do you have a libcap that reflects the change from 32 capabilities
> >>> to 64? You'll be looking for libcap.so.2.06 or thereabouts.
> >>>
> >> Adding libcap-2.08 and recompiling ntpd has fixed the issue, and I'm now
> >> running normally, thanks!
> >
> > I don't understand why, though. Looking at the ntpd code (ntp-4.2.4p4)
> > it just does a cap_set_proc(cap_from_text("X=epi")); It should simply
> > be sending in the _LINUX_CAPABILITY_VERSION which shipped with libcap,
> > which should have been _V1, and the kernel should honor that so long as
> > you didn't try to send in caps > 31, which ntpd wasn't.
> >
> >> Was this userspace visible change planned in advance for 2.6.25 ? ... as I
> >> guess a few other people with venerable old userspace components may come
> >> across this issue.
> >>
> >> Cheers
> >> David
> >
> > It's been in the works a long time and we thought we'd done pretty
> > well with backward compatibility. I really don't see why you had
> > that failure!
> >
> > Do you know which version of libcap you had before?
>
> /lib/libcap.so.1 -> libcap.so.1.92
>
> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
Ok, thanks, then it's definately not what I was thinking.
(Will wait to check out your strace)
thanks,
-serge
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 18:34 ` serge
@ 2008-04-21 18:48 ` David
2008-04-21 19:01 ` serge
0 siblings, 1 reply; 19+ messages in thread
From: David @ 2008-04-21 18:48 UTC (permalink / raw)
To: serge; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List, Andrew Morgan
[-- Attachment #1: Type: text/plain, Size: 286 bytes --]
serge@hallyn.com wrote:
>>
>> /lib/libcap.so.1 -> libcap.so.1.92
>>
>> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
>>
>
> Ok, thanks, then it's definately not what I was thinking.
>
> (Will wait to check out your strace)
>
strace attached.
Cheers
David
[-- Attachment #2: ntp.strace --]
[-- Type: text/plain, Size: 35605 bytes --]
execve("/usr/sbin/ntpd", ["ntpd", "-c", "/etc/ntp.conf", "-i", "/var/lib/ntp/", "-p", "/var/run/ntp/ntpd.pid", "-u", "ntp"], [/* 56 vars */]) = 0
uname({sys="Linux", node="server", ...}) = 0
brk(0) = 0x80f8000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=103028, ...}) = 0
old_mmap(NULL, 103028, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40018000
close(3) = 0
open("/lib/tls/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p5\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=170563, ...}) = 0
old_mmap(NULL, 137712, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40032000
madvise(0x40032000, 137712, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x40053000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0x40053000
close(3) = 0
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0b\3\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=1417403, ...}) = 0
old_mmap(NULL, 1223928, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40054000
madvise(0x40054000, 1223928, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x40167000, 86016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x40167000
old_mmap(0x4017c000, 11512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4017c000
close(3) = 0
mprotect(0xbf8ab000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = 0
open("/lib/libcap.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\16\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=33287, ...}) = 0
old_mmap(NULL, 13520, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4017f000
madvise(0x4017f000, 13520, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x40182000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x40182000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360U\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1349081, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40183000
old_mmap(NULL, 1132940, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40184000
madvise(0x40184000, 1132940, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x4028e000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10a000) = 0x4028e000
old_mmap(0x40296000, 10636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40296000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\33\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=13647, ...}) = 0
old_mmap(NULL, 8628, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40299000
madvise(0x40299000, 8628, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x4029b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x4029b000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4029c000
set_thread_area({entry_number:-1 -> 6, base_addr:0x4029c080, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0x40018000, 103028) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
brk(0) = 0x80f8000
brk(0x8119000) = 0x8119000
brk(0) = 0x8119000
time([1208803493]) = 1208803493
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0"..., 4096) = 1323
close(4) = 0
munmap(0x40018000, 4096) = 0
getpid() = 6117
rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_DFL}, 8) = 0
send(3, "<29>Apr 21 19:44:53 ntpd[6117]: "..., 86, 0) = 86
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
umask(0) = 022
umask(022) = 0
getuid32() = 0
gettimeofday({1208803493, 60029}, NULL) = 0
clone(Process 6118 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x4029c0c8) = 6118
[pid 6118] setsid() = 6118
[pid 6118] chdir("/") = 0
[pid 6118] open("/dev/null", O_RDWR) = 4
[pid 6118] fstat64(4, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
[pid 6118] dup2(4, 0) = 0
[pid 6118] dup2(4, 1) = 1
[pid 6118] dup2(4, 2) = 2
[pid 6118] close(4) = 0
[pid 6118] rt_sigaction(SIGHUP, {0x80540f0, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGINT, {0x80540f0, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGQUIT, {0x80540f0, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGTERM, {0x80540f0, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGBUS, {0x80540f0, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGUSR1, {0x8053670, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGUSR2, {0x8053620, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigaction(SIGALRM, {0x806e540, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] setitimer(ITIMER_REAL, {it_interval={1, 0}, it_value={1, 0}}, NULL) = 0
[pid 6118] uname({sys="Linux", node="server", ...}) = 0
[pid 6118] gettimeofday({1208803493, 62080}, NULL) = 0
[pid 6118] gettimeofday({1208803493, 62142}, NULL) = 0
[pid 6118] gettimeofday({1208803493, 62198}, NULL) = 0
[pid 6118] gettimeofday({1208803493, 62252}, NULL) = 0
[pid 6118] gettimeofday({1208803493, 62305}, NULL) = 0
[pid 6118] gettimeofday({1208803493, 62359}, NULL) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 55, 0) = 55
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] gettimeofday({1208803493, 62944}, NULL) = 0
[pid 6118] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
[pid 6118] close(4) = 0
[pid 6118] socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = -1 EAFNOSUPPORT (Address family not supported by protocol)
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 6118] getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
[pid 6118] getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
[pid 6118] getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<31>Apr 21 19:44:53 ntpd[6118]: "..., 100, 0) = 100
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] fcntl64(4, F_DUPFD, 16) = 16
[pid 6118] close(4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] bind(16, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(16, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 88, 0) = 88
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 6118] ioctl(4, 0x8912, 0x80f82b8) = 0
[pid 6118] open("/proc/net/if_inet6", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 17
[pid 6118] close(5) = 0
[pid 6118] setsockopt(17, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(17, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(17, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(17, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 83, 0) = 83
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 18
[pid 6118] close(5) = 0
[pid 6118] setsockopt(18, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(18, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.0.39")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(18, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(18, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 88, 0) = 88
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 19
[pid 6118] close(5) = 0
[pid 6118] setsockopt(19, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(19, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.2.2")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(19, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(19, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 87, 0) = 87
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 20
[pid 6118] close(5) = 0
[pid 6118] setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(20, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.0.65")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(20, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(20, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 88, 0) = 88
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 21
[pid 6118] close(5) = 0
[pid 6118] setsockopt(21, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(21, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(21, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(21, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 87, 0) = 87
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 22
[pid 6118] close(5) = 0
[pid 6118] setsockopt(22, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(22, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.10.1")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(22, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(22, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 91, 0) = 91
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid 6118] fcntl64(5, F_DUPFD, 16) = 23
[pid 6118] close(5) = 0
[pid 6118] setsockopt(23, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 6118] bind(23, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.20.1")}, 16) = 0
[pid 6118] setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(23, SOL_SOCKET, 0x1d /* SO_??? */, [1], 4) = 0
[pid 6118] fcntl64(23, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 91, 0) = 91
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] ioctl(4, 0x8913, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x8919, 0xbf8ab100) = 0
[pid 6118] ioctl(4, 0x891b, 0xbf8ab100) = 0
[pid 6118] close(4) = 0
[pid 6118] setsockopt(17, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(18, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(19, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(21, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(22, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] setsockopt(23, SOL_SOCKET, SO_REUSEADDR, [0], 4) = 0
[pid 6118] rt_sigaction(SIGSYS, {0x805f570, [], 0}, {SIG_DFL}, 8) = 0
[pid 6118] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 6118] adjtimex({modes=61, offset=-2725, freq=4946064, maxerror=16, esterror=16, status=64, constant=4, precision=1, tolerance=33554432, time={1208803493, 75815}}) = 5
[pid 6118] rt_sigaction(SIGSYS, {SIG_DFL}, NULL, 8) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 60, 0) = 60
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] open("/var/run/ntp/ntpd.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
[pid 6118] fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
[pid 6118] write(4, "6118", 4) = 4
[pid 6118] close(4) = 0
[pid 6118] munmap(0x40018000, 4096) = 0
[pid 6118] open("/etc/ntp.conf", O_RDONLY) = 4
[pid 6118] fstat64(4, {st_mode=S_IFREG|0644, st_size=2175, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
[pid 6118] read(4, "################################"..., 4096) = 2175
[pid 6118] open("/etc/nsswitch.conf", O_RDONLY) = 5
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=1239, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40019000
[pid 6118] read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1239
[pid 6118] read(5, "", 4096) = 0
[pid 6118] close(5) = 0
[pid 6118] munmap(0x40019000, 4096) = 0
[pid 6118] open("/etc/ld.so.cache", O_RDONLY) = 5
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=103028, ...}) = 0
[pid 6118] old_mmap(NULL, 103028, PROT_READ, MAP_PRIVATE, 5, 0) = 0x4029d000
[pid 6118] close(5) = 0
[pid 6118] open("/lib/libnss_files.so.2", O_RDONLY) = 5
[pid 6118] read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\35"..., 512) = 512
[pid 6118] fstat64(5, {st_mode=S_IFREG|0755, st_size=41737, ...}) = 0
[pid 6118] old_mmap(NULL, 33716, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) = 0x40019000
[pid 6118] madvise(0x40019000, 33716, MADV_SEQUENTIAL|0x1) = 0
[pid 6118] old_mmap(0x40021000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 5, 0x8000) = 0x40021000
[pid 6118] close(5) = 0
[pid 6118] munmap(0x4029d000, 103028) = 0
[pid 6118] open("/etc/services", O_RDONLY) = 5
[pid 6118] fcntl64(5, F_GETFD) = 0
[pid 6118] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
[pid 6118] read(5, "#\n# Network services, Internet s"..., 4096) = 4096
[pid 6118] read(5, "a 20/udp # File Trans"..., 4096) = 4096
[pid 6118] read(5, "ical Address Maintenance\n# "..., 4096) = 4096
[pid 6118] read(5, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
[pid 6118] read(5, " Patrick McNamee <--none--"..., 4096) = 4096
[pid 6118] close(5) = 0
[pid 6118] munmap(0x40022000, 4096) = 0
[pid 6118] open("/etc/services", O_RDONLY) = 5
[pid 6118] fcntl64(5, F_GETFD) = 0
[pid 6118] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
[pid 6118] read(5, "#\n# Network services, Internet s"..., 4096) = 4096
[pid 6118] read(5, "a 20/udp # File Trans"..., 4096) = 4096
[pid 6118] read(5, "ical Address Maintenance\n# "..., 4096) = 4096
[pid 6118] read(5, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
[pid 6118] read(5, " Patrick McNamee <--none--"..., 4096) = 4096
[pid 6118] close(5) = 0
[pid 6118] munmap(0x40022000, 4096) = 0
[pid 6118] open("/var/lib/ntp/drift/ntp.drift", O_RDONLY) = 5
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=7, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
[pid 6118] read(5, "75.471\n", 4096) = 7
[pid 6118] close(5) = 0
[pid 6118] munmap(0x40022000, 4096) = 0
[pid 6118] time([1208803493]) = 1208803493
[pid 6118] rt_sigaction(SIGPIPE, {0x40237f60, [], 0}, {SIG_IGN}, 8) = 0
[pid 6118] send(3, "<30>Apr 21 19:44:53 ntpd[6118]: "..., 98, 0) = 98
[pid 6118] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 6118] open("/var/log/ntp", O_WRONLY|O_APPEND|O_CREAT, 0666) = 5
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=403567, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
[pid 6118] fstat64(5, {st_mode=S_IFREG|0644, st_size=403567, ...}) = 0
[pid 6118] _llseek(5, 403567, [403567], SEEK_SET) = 0
[pid 6118] open("/etc/services", O_RDONLY) = 6
[pid 6118] fcntl64(6, F_GETFD) = 0
[pid 6118] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 6118] fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
[pid 6118] read(6, "#\n# Network services, Internet s"..., 4096) = 4096
[pid 6118] read(6, "a 20/udp # File Trans"..., 4096) = 4096
[pid 6118] read(6, "ical Address Maintenance\n# "..., 4096) = 4096
[pid 6118] read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
[pid 6118] read(6, " Patrick McNamee <--none--"..., 4096) = 4096
[pid 6118] close(6) = 0
[pid 6118] munmap(0x40023000, 4096) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 6118] connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("212.42.1.207")}, 16) = 0
[pid 6118] getsockname(6, {sa_family=AF_INET, sin_port=htons(4777), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
[pid 6118] close(6) = 0
[pid 6118] open("/etc/services", O_RDONLY) = 6
[pid 6118] fcntl64(6, F_GETFD) = 0
[pid 6118] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 6118] fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
[pid 6118] read(6, "#\n# Network services, Internet s"..., 4096) = 4096
[pid 6118] read(6, "a 20/udp # File Trans"..., 4096) = 4096
[pid 6118] read(6, "ical Address Maintenance\n# "..., 4096) = 4096
[pid 6118] read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
[pid 6118] read(6, " Patrick McNamee <--none--"..., 4096) = 4096
[pid 6118] close(6) = 0
[pid 6118] munmap(0x40023000, 4096) = 0
[pid 6118] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 6118] connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("132.146.236.132")}, 16) = 0
[pid 6118] getsockname(6, {sa_family=AF_INET, sin_port=htons(28603), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
[pid 6118] close(6) = 0
[pid 6118] open("/etc/services", O_RDONLY) = 6
[pid 6118] fcntl64(6, F_GETFD) = 0
[pid 6118] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 6118] fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
[pid 6118] read(6, "#\n# Network services, Internet s"..., 4096) = 4096
[pid 6118] read(6, "a 20/udp # File Trans"..., 4096) = 4096
[pid 6118] read(6, "ical Address Maintenance\n# "..., 4096) = 4096
[pid 6118] read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
[pid 6118] read(6, " Patrick McNamee <--none--"..., 4096) = 4096
[pid 6118] close(6) = 0
[pid 6118] munmap(0x40023000, 4096) = 0
[pid 6118] gettimeofday({1208803493, 87853}, NULL) = 0
[pid 6118] open("/etc/resolv.conf", O_RDONLY) = 6
[pid 6118] fstat64(6, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
[pid 6118] read(6, "nameserver 127.0.0.1\nsearch loca"..., 4096) = 34
[pid 6118] read(6, "", 4096) = 0
[pid 6118] close(6) = 0
[pid 6118] munmap(0x40023000, 4096) = 0
[pid 6118] socket(PF_UNIX, SOCK_STREAM, 0) = 6
[pid 6118] connect(6, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
[pid 6118] writev(6, [{"\2\0\0\0\4\0\0\0\25\0\0\0", 12}, {"ntp.cis.strath.ac.uk\0", 21}], 2) = 33
[pid 6118] read(6, "\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\377\377\377\377"..., 32) = 32
[pid 6118] close(6) = 0
[pid 6118] open("/etc/host.conf", O_RDONLY) = 6
[pid 6118] fstat64(6, {st_mode=S_IFREG|0644, st_size=369, ...}) = 0
[pid 6117] exit_group(0) = ?
[pid 6118] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
read(6, "#\n# /etc/host.conf - resolver co"..., 4096) = 369
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40023000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=770, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40023000
read(6, "#\n# hosts This file desc"..., 4096) = 770
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40023000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=103028, ...}) = 0
old_mmap(NULL, 103028, PROT_READ, MAP_PRIVATE, 6, 0) = 0x4029d000
close(6) = 0
open("/lib/libnss_dns.so.2", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\17\0\000"..., 512) = 512
fstat64(6, {st_mode=S_IFREG|0755, st_size=17722, ...}) = 0
old_mmap(NULL, 17352, PROT_READ|PROT_EXEC, MAP_PRIVATE, 6, 0) = 0x40023000
madvise(0x40023000, 17352, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x40027000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 6, 0x3000) = 0x40027000
close(6) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`+\0\000"..., 512) = 512
fstat64(6, {st_mode=S_IFREG|0755, st_size=74342, ...}) = 0
old_mmap(NULL, 73588, PROT_READ|PROT_EXEC, MAP_PRIVATE, 6, 0) = 0x402b7000
madvise(0x402b7000, 73588, MADV_SEQUENTIAL|0x1) = 0
old_mmap(0x402c6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 6, 0xf000) = 0x402c6000
old_mmap(0x402c7000, 8052, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x402c7000
close(6) = 0
munmap(0x4029d000, 103028) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
gettimeofday({1208803493, 91835}, NULL) = 0
open("/etc/resolv.conf", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "nameserver 127.0.0.1\nsearch loca"..., 4096) = 34
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40028000, 4096) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
send(6, "\221\371\1\0\0\1\0\0\0\0\0\0\3ntp\3cis\6strath\2ac\2u"..., 38, 0) = 38
gettimeofday({1208803493, 93255}, NULL) = 0
poll([{fd=6, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(6, FIONREAD, [261]) = 0
recvfrom(6, "\221\371\201\200\0\1\0\2\0\7\0\2\3ntp\3cis\6strath\2ac"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 261
close(6) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("130.159.196.118")}, 16) = 0
getsockname(6, {sa_family=AF_INET, sin_port=htons(26300), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
close(6) = 0
open("/etc/services", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# Network services, Internet s"..., 4096) = 4096
read(6, "a 20/udp # File Trans"..., 4096) = 4096
read(6, "ical Address Maintenance\n# "..., 4096) = 4096
read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
read(6, " Patrick McNamee <--none--"..., 4096) = 4096
close(6) = 0
munmap(0x40028000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=770, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# hosts This file desc"..., 4096) = 770
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40028000, 4096) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
send(6, "\221\372\1\0\0\1\0\0\0\0\0\0\5ntp2d\3mcc\2ac\2uk\0\0\1"..., 33, 0) = 33
gettimeofday({1208803493, 96575}, NULL) = 0
poll([{fd=6, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(6, FIONREAD, [198]) = 0
recvfrom(6, "\221\372\201\200\0\1\0\2\0\4\0\1\5ntp2d\3mcc\2ac\2uk\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 198
close(6) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("130.88.203.64")}, 16) = 0
getsockname(6, {sa_family=AF_INET, sin_port=htons(4566), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
close(6) = 0
open("/etc/services", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# Network services, Internet s"..., 4096) = 4096
read(6, "a 20/udp # File Trans"..., 4096) = 4096
read(6, "ical Address Maintenance\n# "..., 4096) = 4096
read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
read(6, " Patrick McNamee <--none--"..., 4096) = 4096
close(6) = 0
munmap(0x40028000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=770, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# hosts This file desc"..., 4096) = 770
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40028000, 4096) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
send(6, "\221\373\1\0\0\1\0\0\0\0\0\0\3ntp\ttuxfamily\3net\0\0"..., 35, 0) = 35
gettimeofday({1208803493, 99838}, NULL) = 0
poll([{fd=6, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(6, FIONREAD, [93]) = 0
recvfrom(6, "\221\373\201\200\0\1\0\1\0\2\0\0\3ntp\ttuxfamily\3net\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 93
close(6) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("212.85.158.10")}, 16) = 0
getsockname(6, {sa_family=AF_INET, sin_port=htons(24676), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
close(6) = 0
open("/etc/services", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=596411, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# Network services, Internet s"..., 4096) = 4096
read(6, "a 20/udp # File Trans"..., 4096) = 4096
read(6, "ical Address Maintenance\n# "..., 4096) = 4096
read(6, "RUTGERS.EDU>\nhttp 80"..., 4096) = 4096
read(6, " Patrick McNamee <--none--"..., 4096) = 4096
close(6) = 0
munmap(0x40028000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=770, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40028000
read(6, "#\n# hosts This file desc"..., 4096) = 770
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40028000, 4096) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=34, ...}) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
send(6, "\221\374\1\0\0\1\0\0\0\0\0\0\4time\tflygplats\3net\0"..., 36, 0) = 36
gettimeofday({1208803493, 102714}, NULL) = 0
poll([{fd=6, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(6, FIONREAD, [257]) = 0
recvfrom(6, "\221\374\201\200\0\1\0\2\0\5\0\5\4time\tflygplats\3net"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 257
close(6) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("213.112.52.107")}, 16) = 0
getsockname(6, {sa_family=AF_INET, sin_port=htons(13796), sin_addr=inet_addr("192.168.2.2")}, [16]) = 0
close(6) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0x40018000, 4096) = 0
adjtimex({modes=3, offset=-2725, freq=4946064, maxerror=16, esterror=16, status=64, constant=4, precision=1, tolerance=33554432, time={1208803493, 103755}}) = 5
prctl(0x8, 0x1, 0, 0, 0) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
writev(4, [{"\2\0\0\0\0\0\0\0\4\0\0\0", 12}, {"ntp\0", 4}], 2) = 16
read(4, "\2\0\0\0\1\0\0\0\4\0\0\0\2\0\0\0J\0\0\0\376\377\0\0\v\0"..., 36) = 36
read(4, "ntp\0x\0NTP daemon\0/var/lib/ntp\0/b"..., 41) = 41
close(4) = 0
chdir("/var/lib/ntp/") = 0
chroot("/var/lib/ntp/") = 0
setuid32(74) = 0
setresuid32(-1, 74, -1) = 0
capget(0x20071026, 0, {, , }) = -1 EINVAL (Invalid argument)
capset(0, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME}) = -1 EINVAL (Invalid argument)
time(NULL) = 1208803493
write(5, "21 Apr 19:44:53 ntpd[6118]: cap_"..., 92) = 92
munmap(0x40022000, 4096) = 0
exit_group(-1) = ?
Process 6118 detached
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 18:48 ` David
@ 2008-04-21 19:01 ` serge
2008-04-21 20:28 ` David
0 siblings, 1 reply; 19+ messages in thread
From: serge @ 2008-04-21 19:01 UTC (permalink / raw)
To: David
Cc: serge, casey, Mike Galbraith, Linux Kernel Mailing List,
Andrew Morgan
Quoting David (david@unsolicited.net):
> serge@hallyn.com wrote:
>>>
>>> /lib/libcap.so.1 -> libcap.so.1.92
>>>
>>> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
>>>
>>
>> Ok, thanks, then it's definately not what I was thinking.
>>
>> (Will wait to check out your strace)
>>
> strace attached.
>
> Cheers
> David
>
...
> capget(0x20071026, 0, {, , }) = -1 EINVAL (Invalid argument)
This is odd. libcap-1.x should be passing in 0x19980330.
Next, given the -EINVAL return value ntpd should be seeing a NULL result
from cap_get_proc() and exiting right there.
What version of ntpd is this? (I must be looking at a wrong value, but
even so the fact that cap_get_proc()->capget() is using 0x20071026 for
version doesn't make sense)
> capset(0, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME}) = -1 EINVAL (Invalid argument)
> time(NULL) = 1208803493
> write(5, "21 Apr 19:44:53 ntpd[6118]: cap_"..., 92) = 92
> munmap(0x40022000, 4096) = 0
> exit_group(-1) = ?
> Process 6118 detached
thanks,
-serge
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 19:01 ` serge
@ 2008-04-21 20:28 ` David
2008-04-22 2:42 ` serge
0 siblings, 1 reply; 19+ messages in thread
From: David @ 2008-04-21 20:28 UTC (permalink / raw)
To: serge; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List, Andrew Morgan
serge@hallyn.com wrote:
> Quoting David (david@unsolicited.net):
>
>> serge@hallyn.com wrote:
>>
>>>> /lib/libcap.so.1 -> libcap.so.1.92
>>>>
>>>> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
>>>>
>>>>
>>> Ok, thanks, then it's definately not what I was thinking.
>>>
>>> (Will wait to check out your strace)
>>>
>>>
>> strace attached.
>>
>> Cheers
>> David
>>
>>
>
> ...
>
>> capget(0x20071026, 0, {, , }) = -1 EINVAL (Invalid argument)
>>
>
> This is odd. libcap-1.x should be passing in 0x19980330.
>
> Next, given the -EINVAL return value ntpd should be seeing a NULL result
> from cap_get_proc() and exiting right there.
>
> What version of ntpd is this? (I must be looking at a wrong value, but
> even so the fact that cap_get_proc()->capget() is using 0x20071026 for
> version doesn't make sense)
>
>
>> capset(0, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME}) = -1 EINVAL (Invalid argument)
>> time(NULL) = 1208803493
>> write(5, "21 Apr 19:44:53 ntpd[6118]: cap_"..., 92) = 92
>> munmap(0x40022000, 4096) = 0
>> exit_group(-1) = ?
>> Process 6118 detached
>>
>
>
Oh dear .. more investigation... here's the source from libcap-1.92.
capget() is being called with null arguments, which I guess returns with
the latest version in ch.version ?
The switch then fails and the set gets called with version = 0 ??
Cheers
David
void _libcap_establish_api(void)
{
struct __user_cap_header_struct ch;
struct __user_cap_data_struct cs;
if (_libcap_kernel_version) {
_cap_debug("already identified kernal api 0x%.8x",
_libcap_kernel_version);
return;
}
memset(&ch, 0, sizeof(ch));
memset(&cs, 0, sizeof(cs));
(void) capget(&ch, &cs);
switch (ch.version) {
case 0x19980330:
_libcap_kernel_version = 0x19980330;
_libcap_kernel_features = CAP_FEATURE_PROC;
break;
case 0x19990414:
_libcap_kernel_version = 0x19990414;
_libcap_kernel_features = CAP_FEATURE_PROC|CAP_FEATURE_FILE;
break;
default:
_libcap_kernel_version = 0x00000000;
_libcap_kernel_features = 0x00000000;
}
_cap_debug("version: %x, features: %x\n",
_libcap_kernel_version, _libcap_kernel_features);
}
> thanks,
> -serge
>
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-21 20:28 ` David
@ 2008-04-22 2:42 ` serge
2008-04-22 5:29 ` Andrew G. Morgan
0 siblings, 1 reply; 19+ messages in thread
From: serge @ 2008-04-22 2:42 UTC (permalink / raw)
To: David
Cc: serge, casey, Mike Galbraith, Linux Kernel Mailing List,
Andrew Morgan
Quoting David (david@unsolicited.net):
> serge@hallyn.com wrote:
>> Quoting David (david@unsolicited.net):
>>
>>> serge@hallyn.com wrote:
>>>
>>>>> /lib/libcap.so.1 -> libcap.so.1.92
>>>>>
>>>>> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
>>>>>
>>>> Ok, thanks, then it's definately not what I was thinking.
>>>>
>>>> (Will wait to check out your strace)
>>>>
>>> strace attached.
>>>
>>> Cheers
>>> David
>>>
>>>
>>
>> ...
>>
>>> capget(0x20071026, 0, {, , }) = -1 EINVAL (Invalid argument)
>>>
>>
>> This is odd. libcap-1.x should be passing in 0x19980330.
>>
>> Next, given the -EINVAL return value ntpd should be seeing a NULL result
>> from cap_get_proc() and exiting right there.
>>
>> What version of ntpd is this? (I must be looking at a wrong value, but
>> even so the fact that cap_get_proc()->capget() is using 0x20071026 for
>> version doesn't make sense)
>>
>>
>>> capset(0, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME,
>>> CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME}) =
>>> -1 EINVAL (Invalid argument)
>>> time(NULL) = 1208803493
>>> write(5, "21 Apr 19:44:53 ntpd[6118]: cap_"..., 92) = 92
>>> munmap(0x40022000, 4096) = 0
>>> exit_group(-1) = ?
>>> Process 6118 detached
>>>
>>
>>
> Oh dear .. more investigation... here's the source from libcap-1.92.
> capget() is being called with null arguments, which I guess returns with
> the latest version in ch.version ?
>
> The switch then fails and the set gets called with version = 0 ??
>
> Cheers
> David
>
> void _libcap_establish_api(void)
> {
> struct __user_cap_header_struct ch;
> struct __user_cap_data_struct cs;
>
> if (_libcap_kernel_version) {
> _cap_debug("already identified kernal api 0x%.8x",
> _libcap_kernel_version);
> return;
> }
>
> memset(&ch, 0, sizeof(ch));
> memset(&cs, 0, sizeof(cs));
>
> (void) capget(&ch, &cs);
>
> switch (ch.version) {
>
> case 0x19980330:
> _libcap_kernel_version = 0x19980330;
> _libcap_kernel_features = CAP_FEATURE_PROC;
> break;
>
> case 0x19990414:
> _libcap_kernel_version = 0x19990414;
> _libcap_kernel_features = CAP_FEATURE_PROC|CAP_FEATURE_FILE;
> break;
>
> default:
> _libcap_kernel_version = 0x00000000;
> _libcap_kernel_features = 0x00000000;
> }
>
> _cap_debug("version: %x, features: %x\n",
> _libcap_kernel_version, _libcap_kernel_features);
> }
Interesting. The version I was looking at (1.10) has nothing like this.
I don't know what shipped with recent RedHat and Fedora distros, but I
guess based on this we can in fact expect more failures from at least
SuSe distros.
We can't reasonably have newer kernels reply to a query with an older
libcap version, so I don't know what to do here. Andrew, do you have
any ideas?
thanks,
-serge
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-22 2:42 ` serge
@ 2008-04-22 5:29 ` Andrew G. Morgan
2008-04-22 5:54 ` David R
0 siblings, 1 reply; 19+ messages in thread
From: Andrew G. Morgan @ 2008-04-22 5:29 UTC (permalink / raw)
To: serge, David; +Cc: casey, Mike Galbraith, Linux Kernel Mailing List
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Short version:
As you have found, libcap2 does address your problem. I suspect that
libcap-1.97 here:
http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap1/
will also prove successful. Please try it and report...
Thanks
Andrew
Long, and "almost funny" version:
A reason this fails on SUSE, is that SUSE appears to be shipping an
experimental version of libcap 1.92 (+ patches). That is I downloaded
the src.rpm from here:
http://download.opensuse.org/distribution/SL-10.1/inst-source/suse/src/
Did the "rpm2cpoi/cpio --extract" chicken dance and, much to my
surprise, discovered the package is based on an experimental version of
libcap that I had made (on a speculative libcap2 branch on sourceforge)
to work with some ancient (and experimental) filesystem capability
support (patches etc., captured here):
http://www.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.2-fcap/README
This kernel patch was never integrated into the kernel, and Serge did
not go even remotely close to it for the final implementation of
filesystem capabilities in the kernel. Needless to say that this (old)
'experimental' libcap fails to work with the new 'released' kernel
support is not at all surprising! :-(
[FWIW The old experimental support extended the capset/capget system
call interface to manipulate filesystem capabilities, where Serge's
patch does this directly via extended attribute system calls. These two
access methods appear to be clashing quite horribly - but failing "safe".]
I believe code based on released version: libcap-1.10 and/or libcap-1.97
which you can download here:
http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap1/
should work. You might like to try 1.97 as a replacement for the SUSE
version and report any issues (the SUSE guys may need to think about a
migration path).
serge@hallyn.com wrote:
| Quoting David (david@unsolicited.net):
|> serge@hallyn.com wrote:
|>> Quoting David (david@unsolicited.net):
|>>
|>>> serge@hallyn.com wrote:
|>>>
|>>>>> /lib/libcap.so.1 -> libcap.so.1.92
|>>>>>
|>>>>> I guess that's 1.92 (should be the version shipped with SuSE 9.1).
|>>>>>
|>>>> Ok, thanks, then it's definately not what I was thinking.
|>>>>
|>>>> (Will wait to check out your strace)
|>>>>
|>>> strace attached.
|>>>
|>>> Cheers
|>>> David
|>>>
|>>>
|>> ...
|>>
|>>> capget(0x20071026, 0, {, , }) = -1 EINVAL (Invalid argument)
|>>>
|>> This is odd. libcap-1.x should be passing in 0x19980330.
|>>
|>> Next, given the -EINVAL return value ntpd should be seeing a NULL result
|>> from cap_get_proc() and exiting right there.
|>>
|>> What version of ntpd is this? (I must be looking at a wrong value, but
|>> even so the fact that cap_get_proc()->capget() is using 0x20071026 for
|>> version doesn't make sense)
|>>
|>>
|>>> capset(0, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME,
|>>> CAP_NET_BIND_SERVICE|CAP_SYS_TIME,
CAP_NET_BIND_SERVICE|CAP_SYS_TIME}) =
|>>> -1 EINVAL (Invalid argument)
|>>> time(NULL) = 1208803493
|>>> write(5, "21 Apr 19:44:53 ntpd[6118]: cap_"..., 92) = 92
|>>> munmap(0x40022000, 4096) = 0
|>>> exit_group(-1) = ?
|>>> Process 6118 detached
|>>>
|>>
|> Oh dear .. more investigation... here's the source from libcap-1.92.
|> capget() is being called with null arguments, which I guess returns with
|> the latest version in ch.version ?
|>
|> The switch then fails and the set gets called with version = 0 ??
|>
|> Cheers
|> David
|>
|> void _libcap_establish_api(void)
|> {
|> struct __user_cap_header_struct ch;
|> struct __user_cap_data_struct cs;
|>
|> if (_libcap_kernel_version) {
|> _cap_debug("already identified kernal api 0x%.8x",
|> _libcap_kernel_version);
|> return;
|> }
|>
|> memset(&ch, 0, sizeof(ch));
|> memset(&cs, 0, sizeof(cs));
|>
|> (void) capget(&ch, &cs);
|>
|> switch (ch.version) {
|>
|> case 0x19980330:
|> _libcap_kernel_version = 0x19980330;
|> _libcap_kernel_features = CAP_FEATURE_PROC;
|> break;
|>
|> case 0x19990414:
|> _libcap_kernel_version = 0x19990414;
|> _libcap_kernel_features = CAP_FEATURE_PROC|CAP_FEATURE_FILE;
|> break;
|>
|> default:
|> _libcap_kernel_version = 0x00000000;
|> _libcap_kernel_features = 0x00000000;
|> }
|>
|> _cap_debug("version: %x, features: %x\n",
|> _libcap_kernel_version, _libcap_kernel_features);
|> }
|
| Interesting. The version I was looking at (1.10) has nothing like this.
|
| I don't know what shipped with recent RedHat and Fedora distros, but I
| guess based on this we can in fact expect more failures from at least
| SuSe distros.
|
| We can't reasonably have newer kernels reply to a query with an older
| libcap version, so I don't know what to do here. Andrew, do you have
| any ideas?
|
| thanks,
| -serge
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFIDXes+bHCR3gb8jsRAt/MAKCOJ3FA9ubvcxY/T69J1Lx4efwpwgCeJI/2
g19NRIbvrZKueObVZYngd04=
=iV8y
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.25 Kernel - Problems with capabilities
2008-04-22 5:29 ` Andrew G. Morgan
@ 2008-04-22 5:54 ` David R
0 siblings, 0 replies; 19+ messages in thread
From: David R @ 2008-04-22 5:54 UTC (permalink / raw)
Cc: serge, casey, Mike Galbraith, Linux Kernel Mailing List
Quoting "Andrew G. Morgan" <morgan@kernel.org>:
> As you have found, libcap2 does address your problem. I suspect that
> libcap-1.97 here:
>
I daresay it will, but libcap v2 sorts my problems out so I'm happy.
It's unfortunate that old versions of SuSE shipped with buggy libcap
as the breakage will be blamed on the kernel upgrade. One of those
things I guess.
David
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2008-04-22 5:56 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-04-19 18:43 2.6.25 Kernel - Problems with capabilities David
[not found] ` <1208676743.4763.10.camel@marge.simson.net>
2008-04-20 14:09 ` David
2008-04-20 17:15 ` Casey Schaufler
2008-04-20 17:29 ` David
2008-04-20 19:08 ` Andi Kleen
2008-04-20 22:04 ` Casey Schaufler
2008-04-20 22:36 ` Andi Kleen
2008-04-21 0:00 ` serge
2008-04-21 0:44 ` Andrew Morgan
2008-04-21 7:20 ` David R
2008-04-21 7:01 ` David R
2008-04-21 18:34 ` serge
2008-04-21 18:48 ` David
2008-04-21 19:01 ` serge
2008-04-21 20:28 ` David
2008-04-22 2:42 ` serge
2008-04-22 5:29 ` Andrew G. Morgan
2008-04-22 5:54 ` David R
2008-04-20 22:21 ` Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox