[Apparmor-general] What does this audit log entry mean?
Christian Boltz
apparmor at cboltz.de
Mon Feb 2 05:04:36 MST 2009
Hello,
Am Montag, 2. Februar 2009 schrieb John Johansen:
> Christian Boltz wrote:
> > type=APPARMOR_ALLOWED msg=audit(1233365168.452:270):
> > operation="inode_permission" info="Failed name resolution - object
> > not a valid entry" error=-2 requested_mask="w::" denied_mask="w::"
> > fsuid=30 pid=31893 profile="/usr/sbin/httpd2-prefork//vhost_foobar"
> - name resolution fails because the pathname is too long. If this
> were the case you would get an error=-12 (-ENOMEM). If this
> happens, you can increase the maximum path length size by writing a
> byte value to /sys/modules/apparmor/parameters/path_max
Not my error number ;-)
> - the mount point becomes disconnected. This can happen due to lazy
> unmounts, or changing or namespace roots.
> What happens here is a apparmor retrieves a partial path and then
> can't connect it so it fails with an error=-2 (-ENOENT).
This would match my error number - but I'm not aware of having umounted
any filesystem (or doing a server reboot etc.) at the time the above
event was logged. /var/log/messages also doesn't show anything usual
that would point to umount or reboot - the server was "just running" at
this time.
Could there be other reasons causing "error=-2"?
Regards,
Christian Boltz
--
.: Schneewittchen & die Pfälzer Waldconnection :.
Ein polit-kabarettistisches Märchenstück mit viel Musik
gesungen & gespielt von Mitgliedern der Landjugend RheinhessenPfalz
18.1.2009 Berlin - 6.2.2009 Neustadt - Infos: www.LJ-RheinhessenPfalz.de
More information about the Apparmor-general
mailing list