Quanah Gibson-Mount: > --On Thursday, December 10, 2015 2:27 PM -0500 Wietse Venema > <wie...@porcupine.org> wrote: > > > Really, it is as simple as a user-land program that calls open() > > and gets access denied by the kernel. If that is not 100% reproducible > > then you have a flaky kernel, a flaky file system, or some "security" > > system with a flaky implementation. > > Hm, fairly certainly we only see this on Ubuntu OSes, which I know does > handle userland differently than RHEL based OSes. Our production servers > are all based off of RHEL, and never have experienced this problem, even > though they should trigger it every few weeks.
If some breakage is specific to one software distribution, then I would investigate the distribution, instead of blaming the messenger. You could investigate whether AppArmor has a problem with set-gid write permissions. Wietse