I installed FC4 a few days ago. After I updated my system (using yum update) I noticed strange messages when I shut down or reboot the computer.
This is from /var/log/audit/audit.log:
type=SYSCALL msg=audit(1127709752.751:4): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bfd08570 a2=80510f8 a3=bfd0e998 items=0 pid=2435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
type=SOCKADDR msg=audit(1127709752.751:4): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1127709752.751:4): nargs=6 a0=4 a1=bfd0c7fc a2=10 a3=0 a4=bfd0e998 a5=c
type=SELINUX_ERR msg=audit(1127709752.851:5): SELinux: unrecognized netlink message type=1009 for sclass=49
type=SYSCALL msg=audit(1127709752.851:5): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bfd08560 a2=80510f8 a3=bfd0e988 items=0 pid=2435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
type=SOCKADDR msg=audit(1127709752.851:5): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1127709752.851:5): nargs=6 a0=4 a1=bfd0c7ec a2=10 a3=0 a4=bfd0e988 a5=c
What does it mean? Is it something to be concerned about? If so, how can I fix it? Thanks =)
Edit: I found this
post and this
bug report.
Quote:
Bug 165611 was opened to document the hwclock/initscripts problem. A fix was
placed in audit-1.0.2-2 to set auditd_pid to 0 in the kernel on normal shutdown.
I think this is is now solved.
|
# rpm -qa | grep audit
audit-1.0.3-1.fc4
audit-libs-1.0.3-1.fc4
audit-libs-devel-1.0.3-1.fc4
... if a fix was placed in audit-1.0.2-2, then how come I still get the message with audit-1.0.3-1? I'm not too concerned about this, but I'm just curious if anyone else is experiencing this issue.