2014-06-25 03:55:54

by Russell Coker

Subject: [refpolicy] read via mprotect?

type=AVC msg=audit(1403661301.411:163): avc: denied { read } for pid=12314
comm="sa1" path="/bin/dash" dev="dm-0" ino=848
scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1403661301.411:163): arch=c000003e syscall=10
success=yes exit=0 a0=7f6a131f2000 a1=2000 a2=1 a3=7f6a12fd71a8 items=0
ppid=12313 pid=12314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sa1" exe="/bin/dash"
subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)

Syscall 10 on AMD64 is mprotect. Why would mprotect require read access?

I tried running sa1 under gdb, but a breakpoint on mprotect wasn't triggered.
Any suggestions on how to debug this?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
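
An added example, not part of the original post: one way to pair the AVC and SYSCALL records by event id and decode the mprotect arguments (a0 to a2, which the audit log prints in hex). The function names and the small lookup tables are assumptions made for this illustration, and the records are the ones above joined onto single lines.

```python
import re

# The two records from the post, each joined onto one line (constructed input).
AVC = ('type=AVC msg=audit(1403661301.411:163): avc: denied { read } for pid=12314 '
       'comm="sa1" path="/bin/dash" dev="dm-0" ino=848 '
       'scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:shell_exec_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1403661301.411:163): arch=c000003e syscall=10 '
           'success=yes exit=0 a0=7f6a131f2000 a1=2000 a2=1 a3=7f6a12fd71a8 items=0 '
           'ppid=12313 pid=12314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 '
           'egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sa1" '
           'exe="/bin/dash" subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)')

# Partial lookup tables: only what this event needs (assumption, not a full map).
AUDIT_ARCH_X86_64 = 0xC000003E
X86_64_SYSCALLS = {9: "mmap", 10: "mprotect"}
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}

def fields(record):
    """Return the key=value pairs of one audit record, quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Return 'timestamp:serial', which is shared by all records of one event."""
    return re.search(r'msg=audit\(([\d.]+:\d+)\)', record).group(1)

def decode_prot(value):
    """Turn an mprotect prot bitmask into PROT_* names."""
    return "|".join(n for bit, n in PROT_BITS.items() if value & bit) or "PROT_NONE"

def decode_event(avc, syscall):
    """Combine an AVC denial with the SYSCALL record of the same event."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    a, s = fields(avc), fields(syscall)
    if int(s["arch"], 16) != AUDIT_ARCH_X86_64:
        raise ValueError("only x86_64 records are handled here")
    nr = int(s["syscall"])  # the syscall number is decimal, a0..a3 are hex
    result = {"syscall": X86_64_SYSCALLS.get(nr, f"syscall_{nr}"),
              "denied": re.search(r'\{([^}]*)\}', avc).group(1).split(),
              "path": a["path"], "tclass": a["tclass"], "exe": s["exe"]}
    if result["syscall"] == "mprotect":  # mprotect(addr, len, prot)
        result.update(addr=int(s["a0"], 16), length=int(s["a1"], 16),
                      prot=decode_prot(int(s["a2"], 16)))
    return result

if __name__ == "__main__":
    print(decode_event(AVC, SYSCALL))
```

For the records in the post this gives mprotect with PROT_READ over a 0x2000-byte range, with the AVC naming /bin/dash as the file.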