Am 07.12.19 um 18:20 schrieb Colin Watson: > On Sat, Dec 07, 2019 at 04:52:19PM +0100, Bernhard Übelacker wrote: >> I could reproduce the issue in a i386 qemu VM with >> a downgraded 3.16-3-686-pae kernel. >> Attached file contains a debug session. >> >> At the sysenter instruction in function shmdt >> the signal SIGSYS is received. > > Since you're building it locally already, it would be helpful if you > could follow the debugging instructions in a comment near the top of > sandbox-seccomp-filter.c (either the auditctl approach, or if that > doesn't work on such an old kernel, the ""uncomment this macro" > approach).
Really I had not rebuilt it locally, just used the dbgsym packages and downloaded sources. Attached are the lines added to /var/log/audit/audit.log, after "auditctl -a task,always -F uid=0" and a failing ssh attempt. The uncomment-approach did not work for me as I received several compile errors. Kind regards, Bernhard
debugging_auditctl-approach.txt.gz
Description: application/gzip
