
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 14 Jul 2005 - 23:54:10 BST


On Fri, Jul 15, 2005 at 12:50:51AM +0200, Herbert Poetzl wrote:
> On Thu, Jul 14, 2005 at 03:21:36PM +0200, Enrico Scholz wrote:
> > Hello,
> >
> > it seems to be impossible to use the audit (CONFIG_AUDIT) interface
> > of the kernel within a vserver:
> >
> > | # auditctl -m 'foo'
> > | Error sending user message request (Operation not permitted)
> >
> > The generated syscalls are:
> >
> > | socket(PF_NETLINK, SOCK_RAW, 9) = 3
> > | fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
> > | sendto(3, "\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> > | select(4, [3], NULL, NULL, {0, 100000}) = 1 (in [3], left {0, 100000})
> > | recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0"..., 8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
> > | write(2, "Error sending user message reque"..., 60Error sending user message request (Operation not permitted)) = 60
> >
> >
> > This gives problems on Fedora Core 4, as a recent pam upgrade
> > uses this functionality, so most actions (su, cron) will fail
> > because of it.
>
> hmm, does anybody know why pam would want to do syscall
> auditing in the first place? I'm a little lost here
> actually ...

ah, looks like redhat is patching again ...

http://people.redhat.com/sgrubb/audit/pam-0.78-loginuid.patch

so I guess it's fine to remove pam_loginuid.so for now
until the auditing interface is virtualized ...

best,
Herbert

> TIA,
> Herbert
>
> > I see two ways to solve the problem:
> >
> > 1. allow this kind of communication within a context
> > 2. make CONFIG_AUDIT conflict with CONFIG_VSERVER and hope that
> > libaudit is clever enough to ignore this error (untested)
> >
> > (I do not know the security implications of 1. and have not
> > tested 2.)
> >
> > Problem was seen on 2.6.12.2-vs2.0-rc5 + remap patch.
> >
> > Enrico
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
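The two netlink messages in the strace quoted above, decoded field by field. This is an added example, not code from the post or from the linux-vserver project. It assumes the trace was taken on a little-endian host (netlink headers are in host byte order), copies the needed constants from linux/netlink.h and linux/audit.h so it builds without kernel headers, and reconstructs the last 12 bytes of the reply, which strace cut off at 24 bytes, from the request header that a netlink NLMSG_ERROR echoes back.

```c
/* Decoder for a NETLINK_AUDIT request and the kernel's NLMSG_ERROR reply.
 * Added example; sample bytes are constructed from the strace escapes. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLMSG_HDRLEN  16
#define NLMSG_ERROR   2      /* linux/netlink.h: error or ack reply        */
#define NLM_F_REQUEST 1
#define NLM_F_ACK     4      /* ask the kernel to confirm with NLMSG_ERROR */
#define AUDIT_USER    1005   /* linux/audit.h: free-text message from userspace */

struct nlhdr { uint32_t len; uint16_t type; uint16_t flags; uint32_t seq; uint32_t pid; };

/* Bytes of the sendto() in the trace (20 bytes). */
static const unsigned char req[20] = {
    0x14, 0, 0, 0,        /* nlmsg_len   = 20                          */
    0xed, 0x03,           /* nlmsg_type  = 0x3ed = 1005 = AUDIT_USER    */
    0x05, 0x00,           /* nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK    */
    1, 0, 0, 0,           /* nlmsg_seq   = 1                           */
    0, 0, 0, 0,           /* nlmsg_pid   = 0, i.e. addressed to kernel */
    'f', 'o', 'o', 0      /* payload: the text given to auditctl -m    */
};

/* Bytes of the recvfrom() in the trace (36 bytes). strace shows the first
 * 24; the trailing 12 bytes are the rest of the echoed request header
 * (assumption: reconstructed from req, not visible in the trace). */
static const unsigned char rep[36] = {
    0x24, 0, 0, 0,              /* nlmsg_len  = 36                        */
    0x02, 0x00,                 /* nlmsg_type = NLMSG_ERROR               */
    0x00, 0x00,                 /* nlmsg_flags = 0                        */
    1, 0, 0, 0,                 /* nlmsg_seq  = 1, matches the request    */
    0x21, 0x65, 0, 0,           /* nlmsg_pid  = 0x6521, requester's port  */
    0xff, 0xff, 0xff, 0xff,     /* nlmsgerr.error = -1 = -EPERM           */
    0x14, 0, 0, 0, 0xed, 0x03, 0x05, 0x00, 1, 0, 0, 0, 0, 0, 0, 0
                                /* nlmsgerr.msg: echoed request header    */
};

static uint16_t le16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse one netlink header. Returns -1 if the buffer is shorter than the
 * header or nlmsg_len does not fit in the buffer (truncated or malformed). */
static int parse_hdr(const unsigned char *buf, size_t n, struct nlhdr *h)
{
    if (n < NLMSG_HDRLEN) return -1;
    h->len = le32(buf); h->type = le16(buf + 4); h->flags = le16(buf + 6);
    h->seq = le32(buf + 8); h->pid = le32(buf + 12);
    return (h->len < NLMSG_HDRLEN || h->len > n) ? -1 : 0;
}

/* Decode a request and copy its payload as a C string into text. */
static int decode_request(const unsigned char *buf, size_t n, struct nlhdr *h,
                          char *text, size_t cap)
{
    if (parse_hdr(buf, n, h) || cap == 0) return -1;
    size_t plen = h->len - NLMSG_HDRLEN;
    if (plen >= cap) plen = cap - 1;
    memcpy(text, buf + NLMSG_HDRLEN, plen);
    text[plen] = '\0';
    return 0;
}

/* Interpret a reply: returns the positive errno carried by an NLMSG_ERROR
 * (0 means a plain ack), or -1 if the message is not an error/ack message
 * or is truncated. The kernel stores -errno; a positive value is malformed. */
static int decode_reply(const unsigned char *buf, size_t n, uint32_t *seq)
{
    struct nlhdr h;
    if (parse_hdr(buf, n, &h) || h.type != NLMSG_ERROR || h.len < NLMSG_HDRLEN + 4)
        return -1;
    if (seq) *seq = h.seq;
    int32_t err = (int32_t)le32(buf + NLMSG_HDRLEN);
    return err <= 0 ? -err : -1;
}

int main(void)
{
    struct nlhdr h; char text[32]; uint32_t seq;
    if (decode_request(req, sizeof req, &h, text, sizeof text) == 0)
        printf("request: type=%u flags=0x%x seq=%u payload=\"%s\"\n",
               h.type, h.flags, h.seq, text);
    int e = decode_reply(rep, sizeof rep, &seq);
    printf("reply: seq=%u error=%d (%s)\n", seq, e, e > 0 ? strerror(e) : "ack");
    return 0;
}
```

Because the request carries NLM_F_ACK, the kernel always answers with an NLMSG_ERROR message whose error field is 0 on success; here it is -1, which libaudit turns into the "Operation not permitted" line in the trace. Pointing the same decoder at bytes read from a real NETLINK_AUDIT socket shows whether a given kernel lets a context send AUDIT_USER messages or rejects them with EPERM.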


Generated on Thu 14 Jul 2005 - 23:54:29 BST by hypermail 2.1.3