Skip to content

Instantly share code, notes, and snippets.

@mattes
Last active January 6, 2018 18:41
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save mattes/ded4d705b9b0a8212020a001f8a65a10 to your computer and use it in GitHub Desktop.
FROM debian:stretch
RUN apt-get update && \
apt-get install -y \
git \
build-essential \
python3 \
python3-pip \
pkg-config \
libsystemd-dev \
libcap-dev \
wget \
vim \
strace
WORKDIR /tmp
RUN wget http://ftp.gnu.org/pub/gnu/gperf/gperf-3.1.tar.gz
RUN tar xvzf gperf-3.1.tar.gz
WORKDIR /tmp/gperf-3.1
RUN cd lib && ./configure && make
RUN cd src && ./configure && make && make install
RUN pip3 install meson sphinx ninja
WORKDIR /tmp
RUN git clone https://github.com/systemd/systemd-netlogd.git
WORKDIR /tmp/systemd-netlogd
RUN make build
RUN make install
RUN groupadd systemd-journal && useradd -G systemd-journal systemd-journal-netlog
root@522a99e1450c:/lib/systemd# strace ./systemd-netlogd 2> out.txt
^Croot@522a99e1450c:/lib/systemd# cat out.txt
execve("./systemd-netlogd", ["./systemd-netlogd"], [/* 11 vars */]) = 0
brk(NULL) = 0x5562c8e77000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6307ff1000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=16528, ...}) = 0
mmap(NULL, 16528, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6307fec000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\30\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=22768, ...}) = 0
mmap(NULL, 2117976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6307bcb000
mprotect(0x7f6307bcf000, 2097152, PROT_NONE) = 0
mmap(0x7f6307dcf000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f6307dcf000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libsystemd.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=557552, ...}) = 0
mmap(NULL, 561809, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6307f62000
mprotect(0x7f6307fe6000, 4096, PROT_NONE) = 0
mmap(0x7f6307fe7000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x84000) = 0x7f6307fe7000
mmap(0x7f6307feb000, 657, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6307feb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1689360, ...}) = 0
mmap(NULL, 3795360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f630782c000
mprotect(0x7f63079c1000, 2097152, PROT_NONE) = 0
mmap(0x7f6307bc1000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x195000) = 0x7f6307bc1000
mmap(0x7f6307bc7000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6307bc7000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000k\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=155400, ...}) = 0
mmap(NULL, 2259664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6307604000
mprotect(0x7f6307629000, 2093056, PROT_NONE) = 0
mmap(0x7f6307828000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f6307828000
mmap(0x7f630782a000, 6864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f630782a000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340 \0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31744, ...}) = 0
mmap(NULL, 2128832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f63073fc000
mprotect(0x7f6307403000, 2093056, PROT_NONE) = 0
mmap(0x7f6307602000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f6307602000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2200\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=154376, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6307f60000
mmap(NULL, 2249360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f63071d6000
mprotect(0x7f63071fb000, 2093056, PROT_NONE) = 0
mmap(0x7f63073fa000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f63073fa000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/liblz4.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=72024, ...}) = 0
mmap(NULL, 2167120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6306fc4000
mprotect(0x7f6306fd5000, 2093056, PROT_NONE) = 0
mmap(0x7f63071d4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x7f63071d4000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\255\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1112184, ...}) = 0
mmap(NULL, 3208448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6306cb4000
mprotect(0x7f6306dbb000, 2097152, PROT_NONE) = 0
mmap(0x7f6306fbb000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x107000) = 0x7f6306fbb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pa\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=135440, ...}) = 0
mmap(NULL, 2212936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6306a97000
mprotect(0x7f6306aaf000, 2093056, PROT_NONE) = 0
mmap(0x7f6306cae000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f6306cae000
mmap(0x7f6306cb0000, 13384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6306cb0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=468920, ...}) = 0
mmap(NULL, 2564360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6306824000
mprotect(0x7f6306896000, 2093056, PROT_NONE) = 0
mmap(0x7f6306a95000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x71000) = 0x7f6306a95000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14640, ...}) = 0
mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6306620000
mprotect(0x7f6306623000, 2093056, PROT_NONE) = 0
mmap(0x7f6306822000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f6306822000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p(\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=79936, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6307f5e000
mmap(NULL, 2175160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f630640c000
mprotect(0x7f630641f000, 2093056, PROT_NONE) = 0
mmap(0x7f630661e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7f630661e000
close(3) = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6307f5b000
arch_prctl(ARCH_SET_FS, 0x7f6307f5b8c0) = 0
mprotect(0x7f6307bc1000, 16384, PROT_READ) = 0
mprotect(0x7f630661e000, 4096, PROT_READ) = 0
mprotect(0x7f6306822000, 4096, PROT_READ) = 0
mprotect(0x7f6306cae000, 4096, PROT_READ) = 0
mprotect(0x7f6306a95000, 4096, PROT_READ) = 0
mprotect(0x7f6306fbb000, 8192, PROT_READ) = 0
mprotect(0x7f63071d4000, 4096, PROT_READ) = 0
mprotect(0x7f63073fa000, 4096, PROT_READ) = 0
mprotect(0x7f6307602000, 4096, PROT_READ) = 0
mprotect(0x7f6307828000, 4096, PROT_READ) = 0
mprotect(0x7f6307fe7000, 12288, PROT_READ) = 0
mprotect(0x7f6307dcf000, 4096, PROT_READ) = 0
mprotect(0x5562c88b7000, 4096, PROT_READ) = 0
mprotect(0x7f6307ff4000, 4096, PROT_READ) = 0
munmap(0x7f6307fec000, 16528) = 0
set_tid_address(0x7f6307f5bb90) = 40
set_robust_list(0x7f6307f5bba0, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f6306a9cbd0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f6306aa80c0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f6306a9cc60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6306aa80c0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL) = 0x5562c8e77000
brk(0x5562c8e98000) = 0x5562c8e98000
statfs("/sys/fs/selinux", 0x7ffd62158040) = -1 ENOENT (No such file or directory)
statfs("/selinux", 0x7ffd62158040) = -1 ENOENT (No such file or directory)
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 311
read(3, "", 1024) = 0
close(3) = 0
access("/etc/selinux/config", F_OK) = -1 ENOENT (No such file or directory)
open("/proc/self/stat", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "40 (systemd-netlogd) R 38 38 1 3"..., 1024) = 335
close(3) = 0
getpid() = 40
ioctl(2, TCGETS, 0x7ffd62157fc0) = -1 ENOTTY (Inappropriate ioctl for device)
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = 0
getpid() = 40
setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/run/systemd/journal/socket"}, 29) = 0
getpid() = 40
umask(022) = 022
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=497, ...}) = 0
read(4, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 497
read(4, "", 4096) = 0
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=16528, ...}) = 0
mmap(NULL, 16528, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f6307fec000
close(4) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\22\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=31616, ...}) = 0
mmap(NULL, 2126944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f6306204000
mprotect(0x7f630620b000, 2093056, PROT_NONE) = 0
mmap(0x7f630640a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x6000) = 0x7f630640a000
close(4) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320?\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=89064, ...}) = 0
mmap(NULL, 2194008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f6305fec000
mprotect(0x7f6306000000, 2097152, PROT_NONE) = 0
mmap(0x7f6306200000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x14000) = 0x7f6306200000
mmap(0x7f6306202000, 6744, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6306202000
close(4) = 0
mprotect(0x7f6306200000, 4096, PROT_READ) = 0
mprotect(0x7f630640a000, 4096, PROT_READ) = 0
munmap(0x7f6307fec000, 16528) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=16528, ...}) = 0
mmap(NULL, 16528, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f6307fec000
close(4) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340 \0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=47688, ...}) = 0
mmap(NULL, 2143656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f6305de0000
mprotect(0x7f6305deb000, 2093056, PROT_NONE) = 0
mmap(0x7f6305fea000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa000) = 0x7f6305fea000
close(4) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320!\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=47632, ...}) = 0
mmap(NULL, 2168600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f6305bce000
mprotect(0x7f6305bd8000, 2097152, PROT_NONE) = 0
mmap(0x7f6305dd8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa000) = 0x7f6305dd8000
mmap(0x7f6305dda000, 22296, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6305dda000
close(4) = 0
mprotect(0x7f6305dd8000, 4096, PROT_READ) = 0
mprotect(0x7f6305fea000, 4096, PROT_READ) = 0
munmap(0x7f6307fec000, 16528) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
lseek(4, 0, SEEK_CUR) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=1032, ...}) = 0
mmap(NULL, 1032, PROT_READ, MAP_SHARED, 4, 0) = 0x7f6307ff0000
lseek(4, 1032, SEEK_SET) = 1032
munmap(0x7f6307ff0000, 1032) = 0
close(4) = 0
getpid() = 40
epoll_create1(EPOLL_CLOEXEC) = 4
gettid() = 40
rt_sigprocmask(SIG_BLOCK, [INT TERM], NULL, 8) = 0
getpid() = 40
rt_sigprocmask(SIG_SETMASK, NULL, [INT TERM], 8) = 0
getpid() = 40
getpid() = 40
gettid() = 40
getrandom("\3\243\236\346\240%\0x\262\303Rls\300\306B", 16, GRND_NONBLOCK) = 16
signalfd4(-1, [TERM], 8, SFD_CLOEXEC|SFD_NONBLOCK) = 5
epoll_ctl(4, EPOLL_CTL_ADD, 5, {EPOLLIN, {u32=3370626304, u64=93882765782272}}) = 0
getpid() = 40
getpid() = 40
rt_sigprocmask(SIG_SETMASK, NULL, [INT TERM], 8) = 0
getpid() = 40
signalfd4(5, [INT TERM], 8, SFD_CLOEXEC|SFD_NONBLOCK) = 5
getpid() = 40
getpid() = 40
inotify_init1(IN_NONBLOCK|IN_CLOEXEC) = 6
inotify_add_watch(6, "/run/systemd/netif/links/", IN_MOVED_TO|IN_DELETE) = 1
getpid() = 40
epoll_ctl(4, EPOLL_CTL_ADD, 6, {EPOLLIN, {u32=3370626720, u64=93882765782688}}) = 0
lstat("/etc", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/etc/systemd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/etc/systemd/systemd-netlogd.conf.d", 0x7ffd62157da0) = -1 ENOENT (No such file or directory)
lstat("/run", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/run/systemd", {st_mode=S_IFDIR|0755, st_size=420, ...}) = 0
lstat("/run/systemd/systemd-netlogd.conf.d", 0x7ffd62157da0) = -1 ENOENT (No such file or directory)
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
lstat("/usr/local/lib", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
lstat("/usr/local/lib/systemd", 0x7ffd62157da0) = -1 ENOENT (No such file or directory)
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/lib/systemd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/lib/systemd/systemd-netlogd.conf.d", 0x7ffd62157da0) = -1 ENOENT (No such file or directory)
getpid() = 40
gettid() = 40
getrandom("\223\353+n\270Q\206^i\354ht#\16C\227", 16, GRND_NONBLOCK) = 16
open("/etc/systemd/systemd-netlogd.conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/run/systemd/systemd-netlogd.conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/systemd/systemd-netlogd.conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/lib/systemd/systemd-netlogd.conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/systemd/system/systemd-netlogd.conf", O_RDONLY|O_CLOEXEC) = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=116, ...}) = 0
getpid() = 40
fstat(7, {st_mode=S_IFREG|0644, st_size=116, ...}) = 0
read(7, "[Network]\nAddress=40.71.95.146:5"..., 4096) = 116
read(7, "", 4096) = 0
close(7) = 0
stat("/var/lib/systemd/journal-netlogd", {st_mode=S_IFDIR|0744, st_size=4096, ...}) = 0
chmod("/var/lib/systemd/journal-netlogd", 0744) = 0
chown("/var/lib/systemd/journal-netlogd", 1000, 1001) = 0
open("/var/lib/systemd/journal-netlogd/state", O_RDWR|O_CLOEXEC) = 7
fchmod(7, 0644) = 0
fchown(7, 1000, 1001) = 0
close(7) = 0
setresgid(1001, 1001, 1001) = 0
setgroups(0, NULL) = 0
prctl(PR_SET_KEEPCAPS, 1) = 0
setresuid(1000, 1000, 1000) = 0
prctl(PR_SET_KEEPCAPS, 0) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, inheritable=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ}) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=1<<CAP_SETPCAP, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ, inheritable=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ}) = 0
open("/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 7
fstat(7, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(7, "37\n", 1024) = 3
close(7) = 0
prctl(PR_CAPBSET_DROP, CAP_CHOWN) = 0
prctl(PR_CAPBSET_DROP, CAP_DAC_OVERRIDE) = 0
prctl(PR_CAPBSET_DROP, CAP_DAC_READ_SEARCH) = 0
prctl(PR_CAPBSET_DROP, CAP_FOWNER) = 0
prctl(PR_CAPBSET_DROP, CAP_FSETID) = 0
prctl(PR_CAPBSET_DROP, CAP_KILL) = 0
prctl(PR_CAPBSET_DROP, CAP_SETGID) = 0
prctl(PR_CAPBSET_DROP, CAP_SETUID) = 0
prctl(PR_CAPBSET_DROP, CAP_SETPCAP) = 0
prctl(PR_CAPBSET_DROP, CAP_LINUX_IMMUTABLE) = 0
prctl(PR_CAPBSET_DROP, CAP_NET_RAW) = 0
prctl(PR_CAPBSET_DROP, CAP_IPC_LOCK) = 0
prctl(PR_CAPBSET_DROP, CAP_IPC_OWNER) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_MODULE) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_RAWIO) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_CHROOT) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_PTRACE) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_PACCT) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_NICE) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_RESOURCE) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_TIME) = 0
prctl(PR_CAPBSET_DROP, CAP_SYS_TTY_CONFIG) = 0
prctl(PR_CAPBSET_DROP, CAP_MKNOD) = 0
prctl(PR_CAPBSET_DROP, CAP_LEASE) = 0
prctl(PR_CAPBSET_DROP, CAP_AUDIT_WRITE) = 0
prctl(PR_CAPBSET_DROP, CAP_AUDIT_CONTROL) = 0
prctl(PR_CAPBSET_DROP, CAP_SETFCAP) = 0
prctl(PR_CAPBSET_DROP, CAP_MAC_OVERRIDE) = 0
prctl(PR_CAPBSET_DROP, CAP_MAC_ADMIN) = 0
prctl(PR_CAPBSET_DROP, CAP_SYSLOG) = 0
prctl(PR_CAPBSET_DROP, CAP_WAKE_ALARM) = 0
prctl(PR_CAPBSET_DROP, CAP_BLOCK_SUSPEND) = 0
prctl(PR_CAPBSET_DROP, CAP_AUDIT_READ) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN, inheritable=1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN}) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN, permitted=1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN, inheritable=0}) = 0
open("/run/systemd/netif/state", O_RDONLY|O_CLOEXEC) = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0
fstat(7, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0
read(7, "# This is private data. Do not p"..., 4096) = 155
read(7, "", 4096) = 0
close(7) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 7
setsockopt(7, SOL_IP, IP_MULTICAST_LOOP, [1], 4) = 0
getpid() = 40
open("/run/log/journal", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 8
fstat(8, {st_mode=S_IFDIR|0755, st_size=160, ...}) = 0
getdents(8, /* 8 entries */, 32768) = 248
getdents(8, /* 0 entries */, 32768) = 0
fstatfs(8, {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=958109, f_bfree=958021, f_bavail=958021, f_files=958109, f_ffree=957725, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV}) = 0
close(8) = 0
open("/var/log/journal", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 8
fstat(8, {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0
getdents(8, /* 3 entries */, 32768) = 104
open("/etc/machine-id", O_RDONLY|O_NOCTTY|O_CLOEXEC) = 9
read(9, "8c859f2bde9e41155bca40d2d85aebb5"..., 38) = 33
read(9, "", 5) = 0
close(9) = 0
getdents(8, /* 0 entries */, 32768) = 0
fstatfs(8, {f_type=EXT2_SUPER_MAGIC, f_bsize=4096, f_blocks=4073434, f_bfree=3727974, f_bavail=3723878, f_files=1036320, f_ffree=978460, f_fsid={val=[3043249494, 3473717931]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
close(8) = 0
getpid() = 40
getpid() = 40
inotify_init1(IN_NONBLOCK|IN_CLOEXEC) = 8
open("/run/log/journal", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
fstat(9, {st_mode=S_IFDIR|0755, st_size=160, ...}) = 0
inotify_add_watch(8, "/proc/self/fd/9", IN_MODIFY|IN_ATTRIB|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_ONLYDIR) = 1
getdents(9, /* 8 entries */, 32768) = 248
getdents(9, /* 0 entries */, 32768) = 0
fstatfs(9, {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=958109, f_bfree=958021, f_bavail=958021, f_files=958109, f_ffree=957725, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV}) = 0
close(9) = 0
open("/var/log/journal", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 9
fstat(9, {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0
inotify_add_watch(8, "/proc/self/fd/9", IN_MODIFY|IN_ATTRIB|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_ONLYDIR) = 2
getdents(9, /* 3 entries */, 32768) = 104
getdents(9, /* 0 entries */, 32768) = 0
fstatfs(9, {f_type=EXT2_SUPER_MAGIC, f_bsize=4096, f_blocks=4073434, f_bfree=3727974, f_bavail=3723878, f_files=1036320, f_ffree=978460, f_fsid={val=[3043249494, 3473717931]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
close(9) = 0
getpid() = 40
getpid() = 40
getpid() = 40
getpid() = 40
epoll_ctl(4, EPOLL_CTL_ADD, 8, {EPOLLIN, {u32=3370635936, u64=93882765791904}}) = 0
open("/var/lib/systemd/journal-netlogd/state", O_RDONLY|O_CLOEXEC) = 9
fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
read(9, "", 4096) = 0
close(9) = 0
getpid() = 40
getpid() = 40
getpid() = 40
getpid() = 40
epoll_wait(4, strace: Process 40 detached
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment