Quanah Gibson-Mount:
> --On Thursday, December 10, 2015 2:27 PM -0500 Wietse Venema
> <wie...@porcupine.org> wrote:
>
> > Really, it is as simple as a user-land program that calls open()
> > and gets access denied by the kernel. If that is not 100% reproducible
> > then you have a flaky kernel, a flaky file system, or some "security"
> > system with a flaky implementation.
>
> Hm, fairly certainly we only see this on Ubuntu OSes, which I know does
> handle userland differently than RHEL based OSes. Our production servers
> are all based off of RHEL, and never have experienced this problem, even
> though they should trigger it every few weeks.
If some breakage is specific to one software distribution, then I
would investigate the distribution, instead of blaming the messenger.
You could investigate whether AppArmor has a problem with set-gid
write permissions.
Wietse
