On 28-01-14 07:38, Wicher wrote:
> On Mon, Jan 27, 2014 at 10:35 PM, Patrick Laimbock <[email protected]>
> wrote:
>
>> 6403 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 25
>> 6403 connect(25, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
>> 6403 sendto(25, "<20>Jan 27 22:11:59 dspam[6372]:"..., 119,
>> MSG_NOSIGNAL, NULL, 0) = 119
>> 6403 close(25) = 0
>
> I'm curious — what did it write to the system log just before segfaulting?
Hi Wicher,
I couldn't find anything:
Jan 27 22:01:02 vps kernel: dspam[5621]: segfault at 29 ip
00007f3b55a2612c sp 00007f3b539d1c00 error 4 in
libc-2.12.so[7f3b559de000+18b000]
Jan 28 03:05:53 vps yum[18797]: Updated: ...
The following AVCs were reported in /var/log/audit/audit.log on Jan 27
(please note that SELinux was in permissive mode):
type=AVC msg=audit(1390709045.662:44574): avc: denied { open } for
pid=26277 comm="dspam" name="meminfo" dev=proc ino=4026532034
scontext=system_u:system_r:dspam_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390709045.663:44575): avc: denied { getattr } for
pid=26277 comm="dspam" path="/proc/meminfo" dev=proc ino=4026532034
scontext=system_u:system_r:dspam_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390753004.293:46186): avc: denied { read write }
for pid=22849 comm="dspam" path="[eventpoll]" dev=anon_inodefs ino=3786
scontext=system_u:system_r:dspam_t:s0
tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
Regards,
Patrick
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Dspam-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspam-user
