Hi,
With 2.6.3, when loading the rules, it's crashing and I get the
following backtrace:
#0 0x00007ffff687e99d in writev () at ../sysdeps/unix/syscall-template.S:84
#1 0x00005555555610ab in dispatch_event (rep=<optimized out>, is_err=0)
at ../../../src/auditd-dispatch.c:189
#2 0x000055555555a700 in distribute_event (e=0x555555779d80) at
../../../src/auditd.c:216
#3 0x000055555555aac8 in netlink_handler (loop=<optimized out>,
io=<optimized out>, revents=<optimized out>) at ../../../src/auditd.c:500
#4 0x0000555555562eb7 in ev_invoke_pending (loop=0x555555773e80
<default_loop_struct>) at ../../../../src/libev/ev.c:3162
#5 0x000055555556623d in ev_run (loop=0x555555773e80
<default_loop_struct>, flags=0) at ../../../../src/libev/ev.c:3562
#6 0x0000555555559e06 in ev_loop (flags=0, loop=0x555555773e80
<default_loop_struct>) at ../../../src/libev/ev.h:835
#7 main (argc=<optimized out>, argv=<optimized out>) at
../../../src/auditd.c:841
The rules are pretty dump:
-D
-b 8192
-f 1
--backlog_wait_time 0
An idea what's going on?
Cheers,
Laurent Bigonville
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
