This email serves a public record for anyone else wondering what to do with
these audits.
Recently when working on Android with a 3.14.37 kernel, I came across the
following audits:
[ 170.456077] type=1400 audit(1432616225.277:76): avc: denied {
module_request } for pid=3742 comm="debuggerd" kmod="personality-8"
scontext=u:r:debuggerd:s0 tcontext=u:r:kernel:s0 tclass=system
permissive=1
$ adb shell ps -Z | grep debuggerd
u:r:debuggerd:s0 root 3742 1 /system/bin/debuggerd
u:r:debuggerd:s0 root 3743 1 /system/bin/debuggerd64
I saw these for pretty much any 32 variant of an executable. I was also on an
intel x86 Android platform, I am not sure if this will
Be relevant to other arch's or not. I was able to safely "dontaudit" this, and
it seems removed from 4.0 kernels. Stephen (paraphrasing the email) provided
The following informative links as well as suggesting a dontaudit:
http://marc.info/?l=linux-kernel&m=128934356223514&w=2
More context:
http://marc.info/?l=linux-kernel&m=142878569719810&w=2
Looks like it got removed entirely in 4.0:
http://marc.info/?l=linux-arch&m=142912798314177&w=2
Hopefully this helps some lost soul in the future.
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
