Results 1 to 8 of 8

Thread: change_hat kernel messages

  1. #1

    Default change_hat kernel messages

    Greetings,

    on a SuSE-11.3 (xen domU) I repeatedly notice the following messages:

    ---
    Dec 17 19:30:01 MTW kernel: [22484.319192] type=1503 audit(1292610601.862:84): operation="change_hat" info="unconfined" error=-1 pid=22001
    Dec 17 19:30:01 MTW kernel: [22484.319222] type=1503 audit(1292610601.862:85): operation="change_hat" info="unconfined" error=-1 pid=22001
    Dec 17 19:45:01 MTW kernel: [23384.365597] type=1503 audit(1292611501.910:86): operation="change_hat" info="unconfined" error=-1 pid=22702
    Dec 17 19:45:01 MTW kernel: [23384.365627] type=1503 audit(1292611501.910:87): operation="change_hat" info="unconfined" error=-1 pid=22702
    ---


    Apparently runs hourly, but cold not find out what process.
    Does anybody has a clue what this means?

    Tnx for reading and hints.
    Wolfl

  2. #2
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: change_hat kernel messages

    Have you turned on AppAmor by chance? I found this interesting link.

    2:change hat - Linux Man Pages Manual Documentation for Linux / Solaris / UNIX / BSD

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  3. #3

    Default Re: change_hat kernel messages

    Tnx, removed apparmor

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: change_hat kernel messages

    On 2010-12-19 14:06, WolfGrossi wrote:
    >
    > Tnx, removed apparmor


    That's an important security component of linux...

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  5. #5
    Join Date
    Mar 2009
    Location
    sri mayapur, west bengal, india
    Posts
    958

    Default Re: change_hat kernel messages

    On Sun, 19 Dec 2010 20:20:06 +0530, Carlos E. R.
    <robin_listas@no-mx.forums.opensuse.org> wrote:

    > On 2010-12-19 14:06, WolfGrossi wrote:
    >>
    >> Tnx, removed apparmor

    >
    > That's an important security component of linux...
    >


    how long has apparmor been around actually? i've tried it once, got into a
    lot of problems configuring profiles, and gave it up again. IMO, for not
    particularly sensitive installations, a firewall is secure enough. (must
    say that i don't own a credit card, not even a bank accout, so breaking
    into my machine wouldn't be very rewarding for the hacker, or threatening
    for me.)

    the other danger i'm aware of, that my machine might become part of a
    bot-net, also doesn't scare me very much, since i'm pretty aware of any
    network activity going on: i have so little bandwidth that i have to guard
    it carefully in order to keep the connection functional.

    does everybody else here run apparmor or SElinux? those few times i've
    seen it mentioned in forums or mailing lists, people were switching it off
    because it was causing problems.

    --
    phani.

  6. #6
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,917

    Default Re: change_hat kernel messages

    Quote Originally Posted by phanisvara View Post
    On Sun, 19 Dec 2010 20:20:06 +0530, Carlos E. R.
    <robin_listas@no-mx.forums.opensuse.org> wrote:

    > On 2010-12-19 14:06, WolfGrossi wrote:
    >>
    >> Tnx, removed apparmor

    >
    > That's an important security component of linux...
    >


    how long has apparmor been around actually? i've tried it once, got into a
    lot of problems configuring profiles, and gave it up again. IMO, for not
    particularly sensitive installations, a firewall is secure enough. (must
    say that i don't own a credit card, not even a bank accout, so breaking
    into my machine wouldn't be very rewarding for the hacker, or threatening
    for me.)

    the other danger i'm aware of, that my machine might become part of a
    bot-net, also doesn't scare me very much, since i'm pretty aware of any
    network activity going on: i have so little bandwidth that i have to guard
    it carefully in order to keep the connection functional.

    does everybody else here run apparmor or SElinux? those few times i've
    seen it mentioned in forums or mailing lists, people were switching it off
    because it was causing problems.

    --
    phani.
    I started a thread on apparmor http://forums.opensuse.org/english/get-help-here/applications/450422-apparmor-basics.html
    Apparently there are people using it for average desktop. I have also enabled it myself however I still didn't get to creating any profiles and I'm just using the default ones. Hopefully I will have some time to study it a bit further in the near future.

    Best regards,
    Greg
    Best regards,
    Greg

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: change_hat kernel messages

    On 2010-12-19 16:11, phanisvara wrote:
    > On Sun, 19 Dec 2010 20:20:06 +0530, Carlos E. R. <> wrote:


    > how long has apparmor been around actually?


    not many years.

    > i've tried it once, got into
    > a lot of problems configuring profiles, and gave it up again. IMO, for
    > not particularly sensitive installations, a firewall is secure enough.
    > (must say that i don't own a credit card, not even a bank accout, so
    > breaking into my machine wouldn't be very rewarding for the hacker, or
    > threatening for me.)


    You don't normally need to configure profiles, they come already made those
    we normally need.

    > does everybody else here run apparmor or SElinux?


    Selinux is a different matter, you are on your own preparing it.

    > those few times i've
    > seen it mentioned in forums or mailing lists, people were switching it
    > off because it was causing problems.


    It doesn't cause any problem at all to me.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: change_hat kernel messages

    On 2010-12-19 20:36, glistwan wrote:
    > I started a thread on apparmor
    > 'http://forums.opensuse.org/english/get-help-here/applications/450422-apparmor-basics.html'
    > (http://tinyurl.com/3xm6sjp)


    The second link does not work. It goes to
    http://forums-opensuse.provo.novell..../applications/...
    which times out after some minutes, doesn't work.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •