[rsbac] kernel oops accessing /dev/log
Vincent Danen
vdanen at annvix.org
Fri Feb 10 20:18:45 CET 2006
* Amon Ott <ao at rsbac.org> [2006-02-10 10:04:15 +0100]:
> > > > You can mail it to me. It lists all function addresses, so you
> can
> > > > look at the EIP and the call trace to find which function it was
> in.
> > >
> > > There is also a utility, ksymoops, which does this for you.
> >
> > Looked at it and sent the output to Amon as well. Mumbo-jumbo to
> me..
>
> This is the sys_lstat64 function. I cannot really see any step where
> it could dereference a NULL pointer.
>
> According to oops.txt and System.map it is sys_fstat. Not much luck
> there either. Hmm.
>
> Does the oops still happen, if you disable RSBAC network support
> completely?
That seems to have done it. Need to test a bit further, but no oops so
far in the vmware machine or on the x86 machine. I disabled NET,
NET_DEV, and NET_OBJ (the three CONFIG_RSBAC_NET* things that were
enabled).
Thanks, Amon! Does that help to track it down a bit? Maybe? =) I'm
going to rebuild the kernels with this same config on x86_64 and make
sure there isn't any regression, but so far it looks good (rebooted
twice on each "machine" to see if it was sporadic, looked at the
/dev/log and /var/lib/mysql/mysql.sock files and so far so good).
--
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
Wasting time like it was free...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://www.rsbac.org/pipermail/rsbac/attachments/20060210/82165008/attachment.bin
More information about the rsbac
mailing list