Hello, it seems to be impossible to use the audit (CONFIG_AUDIT) interface of the kernel within a vserver:
| # auditctl -m 'foo'
| Error sending user message request (Operation not permitted)
The generated syscalls are:
| socket(PF_NETLINK, SOCK_RAW, 9) = 3
| fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
| sendto(3, "\24\0\0\0\355\3\5\0\1\0\0\0\0\0\0\0foo\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
| select(4, [3], NULL, NULL, {0, 100000}) = 1 (in [3], left {0, 100000})
| recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0!e\0\0\377\377\377\377\24\0\0\0"...,
8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000},
[12]) = 36
| write(2, "Error sending user message reque"..., 60Error sending user message
request (Operation not permitted)) = 60
This gives problems on Fedora Core 4 as recent pam upgrade is
using this functionality and most actions (su, cron) will fail
therefore.
I see two ways to solve the problem:
1. allow this kind of communication within a context
2. make CONFIG_AUDIT conflict with CONFIG_VSERVER and hope that
libaudit is clever enough to ignore this error (untested)
(I do not know the security implications of 1. and have not
tested 2.)
Problem was seen on 2.6.12.2-vs2.0-rc5 + remap patch.
Enrico
pgptjlKWpNF4I.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
