
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 14 Jul 2005 - 23:50:51 BST


On Thu, Jul 14, 2005 at 03:21:36PM +0200, Enrico Scholz wrote:
> Hello,
>
> it seems to be impossible to use the audit (CONFIG_AUDIT) interface
> of the kernel within a vserver:
>
> | # auditctl -m 'foo'
> | Error sending user message request (Operation not permitted)
>
> The generated syscalls are:
>
> | socket(PF_NETLINK, SOCK_RAW, 9) = 3
> | fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
> | sendto(3, "\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> | select(4, [3], NULL, NULL, {0, 100000}) = 1 (in [3], left {0, 100000})
> | recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0"..., 8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
> | write(2, "Error sending user message reque"..., 60Error sending user message request (Operation not permitted)) = 60
>
>
> This gives problems on Fedora Core 4 as recent pam upgrade is
> using this functionality and most actions (su, cron) will fail
> therefore.

hmm, does anybody know why pam would want to do syscall
auditing in the first place? I'm a little lost here
actually ...

TIA,
Herbert

> I see two ways to solve the problem:
>
> 1. allow this kind of communication within a context
> 2. make CONFIG_AUDIT conflict with CONFIG_VSERVER and hope that
> libaudit is clever enough to ignore this error (untested)
>
> (I do not know the security implications of 1. and have not
> tested 2.)
>
> Problem was seen on 2.6.12.2-vs2.0-rc5 + remap patch.
>
> Enrico


_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
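
The two netlink messages in the quoted strace output can be decoded by hand to see what was sent and what the kernel answered. The C program below is an added example, not part of the original thread or of any vserver or audit code; the byte strings are copied from the strace lines, the function and enum names are made up for illustration, and the numeric values are those of NLMSG_ERROR, NLM_F_REQUEST and NLM_F_ACK in linux/netlink.h and AUDIT_USER in linux/audit.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Local (hypothetical) names for kernel constants, so no Linux headers are needed. */
enum { T_NLMSG_ERROR = 2, T_AUDIT_USER = 1005, F_REQUEST = 1, F_ACK = 4 };

/* Fields of struct nlmsghdr (16 bytes on the wire). */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };

/* Bytes from the sendto() and recvfrom() lines (i386 trace, so little-endian).
 * strace cut the 36-byte reply after 24 bytes ("..."). */
static const unsigned char REQUEST[] = "\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0";
static const unsigned char REPLY[] =
    "$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0";

static uint32_t le32(const unsigned char *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t le16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Parse one netlink header; 0 on success, -1 if buffer or length field is too short. */
int parse_hdr(const unsigned char *buf, size_t n, struct nl_hdr *h) {
    if (n < 16) return -1;
    h->len = le32(buf);      h->type = le16(buf + 4);
    h->flags = le16(buf + 6); h->seq = le32(buf + 8);
    h->pid = le32(buf + 12);
    return h->len >= 16 ? 0 : -1;
}

/* For an NLMSG_ERROR reply return the positive errno (0 = plain ACK);
 * -1 if the message is not an error reply or is truncated before the code. */
int reply_errno(const unsigned char *buf, size_t n) {
    struct nl_hdr h;
    if (parse_hdr(buf, n, &h) != 0 || h.type != T_NLMSG_ERROR || n < 20) return -1;
    return -(int32_t)le32(buf + 16); /* kernel sends the error as a negative int */
}

int main(void) {
    struct nl_hdr q;
    if (parse_hdr(REQUEST, sizeof REQUEST - 1, &q) == 0)
        printf("request: len=%u type=%u%s flags=%#x seq=%u pid=%u text=\"%s\"\n",
               (unsigned)q.len, (unsigned)q.type,
               q.type == T_AUDIT_USER ? " (AUDIT_USER)" : "", (unsigned)q.flags,
               (unsigned)q.seq, (unsigned)q.pid, (const char *)REQUEST + 16);
    printf("reply: errno=%d (1 is EPERM)\n", reply_errno(REPLY, sizeof REPLY - 1));
    return 0;
}
```

The request is an AUDIT_USER message with NLM_F_REQUEST|NLM_F_ACK set, and the reply is an NLMSG_ERROR carrying -1, which matches the "Operation not permitted" text auditctl printed.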


Generated on Thu 14 Jul 2005 - 23:51:19 BST by hypermail 2.1.3