Re: audit messages on shutdown -- Netlink socket error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri July 22 2005 11:19 pm, Claude Jones wrote:
> When I shutdown/reboot I get a string of audit messages - these are long
> rows of cryptic messages which pass by too quickly to be able to read - one
> part of a line reads "unrecognized netlink message type" - there are
> probably 10-12 rows of this and then the shutdown continues. There are no
> other indications of trouble. Can someone give me an idea of where to look
> for the cause of this? I've been reading the audid man page, and looked at
> ausearch, but I couldn't figured out how to use it since I don't really
> know what to look for.

Replying to me, I now add  this: in looking at my log for yesterday I find 
this entry:
-------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  audit: initializing netlink socket (disabled)
  audit(1122028142.652:1): initialized 
 ---------------------- Selinux Audit End -------------------------

My netlink.h file, with commented sections removed looks like this:

struct sockaddr_nl
{
	sa_family_t	nl_family;	/* AF_NETLINK	*/
	unsigned short	nl_pad;		/* zero		*/
	__u32		nl_pid;		/* process pid	*/
       	__u32		nl_groups;	/* multicast groups mask */
};

struct nlmsghdr
{
	__u32		nlmsg_len;	/* Length of message including header */
	__u16		nlmsg_type;	/* Message content */
	__u16		nlmsg_flags;	/* Additional flags */
	__u32		nlmsg_seq;	/* Sequence number */
	__u32		nlmsg_pid;	/* Sending process PID */
};

/* Flags values */


/* Modifiers to GET request */


/*
   4.4BSD ADD		NLM_F_CREATE|NLM_F_EXCL
   4.4BSD CHANGE	NLM_F_REPLACE

   True CHANGE		NLM_F_CREATE|NLM_F_REPLACE
   Append		NLM_F_CREATE
   Check		NLM_F_EXCL
 */


struct nlmsgerr
{
	int		error;
	struct nlmsghdr msg;
};

That fourth line looks suspicious, and is highlighted in a different color 
when I look that the file in Konqueror, but I'm not sure what is the cause of 
"unsigned short" and what I should do about it --- Can anyone help? 
-- 
Claude Jones
Bluemont, VA, USA


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux