* [refpolicy] read via mprotect?
@ 2014-06-25 3:55 Russell Coker
0 siblings, 0 replies; only message in thread
From: Russell Coker @ 2014-06-25 3:55 UTC (permalink / raw)
To: refpolicy
type=AVC msg=audit(1403661301.411:163): avc: denied { read } for pid=12314
comm="sa1" path="/bin/dash" dev="dm-0" ino=848
scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1403661301.411:163): arch=c000003e syscall=10
success=yes exit=0 a0=7f6a131f2000 a1=2000 a2=1 a3=7f6a12fd71a8 items=0
ppid=12313 pid=12314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sa1" exe="/bin/dash"
subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)
Syscall 10 on AMD64 is mprotect. Why would mprotect require read access?
I tried running sa1 under gdb, but a breakpoint on mprotect wasn't triggered.
Any suggestions on how to debug this?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-06-25 3:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-25 3:55 [refpolicy] read via mprotect? Russell Coker
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.