Hello, it seems to be impossible to use the audit (CONFIG_AUDIT) interface of the kernel within a vserver:
| # auditctl -m 'foo'
| Error sending user message request (Operation not permitted)

The generated syscalls are:

| socket(PF_NETLINK, SOCK_RAW, 9) = 3
| fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
| sendto(3, "\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
| select(4, [3], NULL, NULL, {0, 100000}) = 1 (in [3], left {0, 100000})
| recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0"..., 8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
| write(2, "Error sending user message reque"..., 60Error sending user message request (Operation not permitted)) = 60

This gives problems on Fedora Core 4, as a recent pam upgrade is using this functionality and most actions (su, cron) will fail therefore.

I see two ways to solve the problem:

1. allow this kind of communication within a context
2. make CONFIG_AUDIT conflict with CONFIG_VSERVER and hope that libaudit is clever enough to ignore this error (untested)

(I do not know the security implications of 1. and have not tested 2.)

Problem was seen on 2.6.12.2-vs2.0-rc5 + remap patch.

Enrico
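The two netlink buffers in the strace output above can be decoded to see exactly what the kernel rejected. This is an added example, not part of the original post: it parses the `sendto` request and the (truncated) `recvfrom` reply as `struct nlmsghdr` / `struct nlmsgerr`. Constant names follow linux/netlink.h and linux/audit.h; the function names are hypothetical and a little-endian layout is assumed.

```python
import errno
import struct

# Buffers copied from the strace output in the post; strace's octal escapes
# are valid Python bytes escapes. strace cut the reply short at "...".
REQUEST = b"\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0"
REPLY = b"$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0"

HDR = struct.Struct("<IHHII")  # struct nlmsghdr: len, type, flags, seq, pid
NLMSG_ERROR = 2                # linux/netlink.h
AUDIT_USER = 1005              # linux/audit.h
NLM_FLAGS = {0x01: "NLM_F_REQUEST", 0x02: "NLM_F_MULTI", 0x04: "NLM_F_ACK"}


def parse_nlmsg(buf):
    """Decode one netlink message, tolerating a truncated capture."""
    if len(buf) < HDR.size:
        raise ValueError("buffer shorter than struct nlmsghdr")
    length, mtype, flags, seq, pid = HDR.unpack_from(buf)
    payload = buf[HDR.size:length]
    msg = {
        "len": length, "type": mtype, "seq": seq, "pid": pid,
        "flags": [name for bit, name in NLM_FLAGS.items() if flags & bit],
        "payload": payload,
        "truncated": len(buf) < length,
    }
    if mtype == NLMSG_ERROR and len(payload) >= 4:
        # struct nlmsgerr starts with a negative errno (0 means plain ACK),
        # followed by the header of the request it answers.
        (err,) = struct.unpack_from("<i", payload)
        msg["errno"] = errno.errorcode.get(-err, str(-err)) if err else None
    return msg


def match_error(request, reply):
    """Return (request type, errno name) if reply rejects request, else None."""
    req, rep = parse_nlmsg(request), parse_nlmsg(reply)
    if rep["type"] != NLMSG_ERROR or rep["seq"] != req["seq"]:
        return None
    if rep.get("errno") is None:
        return None
    return req["type"], rep["errno"]


if __name__ == "__main__":
    print(parse_nlmsg(REQUEST))
    print(parse_nlmsg(REPLY))
    print(match_error(REQUEST, REPLY))  # (1005, 'EPERM')
```

The request decodes as an `AUDIT_USER` message with `NLM_F_REQUEST|NLM_F_ACK` and payload `foo\0`; the reply is an `NLMSG_ERROR` for the same sequence number carrying `-EPERM`, which is the "Operation not permitted" that auditctl prints.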