Resolving "unknown symbol" error messages in the SYSLOG.

Document ID : KB000053774
Last Modified Date : 14/02/2018

Description

This document contains instructions on how to mask the "unknown symbols" from your syslog file.

Solution

Problem: "Unknown symbol" messages appear in the syslog/messages/dmesg output on Linux platforms during AC startup. For example:

kernel: seos: Unknown symbol do_execve
kernel: seos: Unknown symbol do_fork
kernel: seos: Unknown symbol ia32_sysret
kernel: seos: Unknown symbol ia32_sys_call_table

About these messages: The kernel generates these messages when a kernel module attempts to load and has unresolved symbols. The messages are informational. AC intercepts them and passes the information to our symbol resolution module (SEOS_ksymadd on Linux 2.4 based kernels and eAC_mini on Linux 2.6 based kernels). The symbol resolution module works hand in hand with the Access Control kernel module (SEOS_syscall) to ensure that these symbols are resolved for normal operation of Access Control.

If our symbol resolution module is unable to resolve these symbols, CA will generate a message and will not load our kernel module. When the AC loading process completes without printing any error message on the screen, and all AC processes are up and running, all unknown symbols encountered during loading were resolved successfully, so the messages in the syslog file can be safely ignored. No adverse effects on the normal operation of AC or of the system in general should be expected.

In more recent releases of AC 8.0 SP1 (October 2007 and later), efforts have been made to suppress these messages and/or dismiss their severity with a short message preceding the "unknown symbols" in the syslog.

To filter out these syslog messages:

  1. Stop AC services (secons -sk).

  2. Unload the syscall module (SEOS_load -u).

  3. Edit /opt/CA/eTrustAccessControl/lbin/loader_symbols_linux.

  4. Clear dmesg (dmesg -c).

  5. Load the AC syscall module (SEOS_load).

  6. Check dmesg for any new "unknown" symbols.

What to edit in loader_symbols_linux:

  • You need to identify your platform and architecture to form a "SYMBOLS_".

    (e.g. SYMBOLS_50AS_I86PC_XEN="randomize_va_space sys_call_table do_execve")

  • One may already exist for you.

    SYMBOL entries are formulated using the following format:
    SYMBOLS_$OSMAJ$OSMIN$OSMIC_$MACHINE_$OSMP

    (e.g. SYMBOLS_40AS_I86PC_SP)
    (The last value will be MP for a "multiprocessor" kernel, SP for a "single processor" kernel and BMP for a "big" multiprocessor kernel.)

You can gather your values with the following utility:

getvar.sh OSMAJ OSMIN OSMIC MACHINE OSMP
(getvar.sh is located in /opt/CA/eTrustAccessControl/lbin/ )

If your "unknown symbols" were exec_shield_randomize and do_execve, and your OS is Red Hat 4 AS on x86 (single processor), your filter might look like this:

SYMBOLS_40AS_I86PC_SP="exec_shield_randomize do_execve"

You may find further instructions and documentation within the loader_symbols_linux file.
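
The edit in step 3 can be generated from the kernel log instead of typed by hand. The following is an added example, not part of the original document or of the AC tooling: it pulls the symbol names out of "seos: Unknown symbol" messages and prints the matching loader_symbols_linux entry. The function names, the sample log lines and the split of "40AS" into OSMAJ=4, OSMIN=0, OSMIC=AS are assumptions; the five platform values are passed in by hand from what getvar.sh reports.

```shell
#!/bin/sh
# Added example: build a loader_symbols_linux entry from kernel log text.

# Read kernel log text on stdin and print the unique symbol names reported
# by the seos module, space-separated, in order of first appearance.
unknown_symbols() {
    sed -n 's/.*seos: Unknown symbol \([A-Za-z0-9_][A-Za-z0-9_]*\).*/\1/p' |
        awk '!seen[$0]++' |
        paste -s -d ' ' -
}

# Form the variable name: SYMBOLS_$OSMAJ$OSMIN$OSMIC_$MACHINE_$OSMP
# Arguments: OSMAJ OSMIN OSMIC MACHINE OSMP
symbols_var() {
    printf 'SYMBOLS_%s%s%s_%s_%s' "$1" "$2" "$3" "$4" "$5"
}

# Print the complete entry for the log on stdin and the given platform values.
# Returns 1 and prints nothing when the log holds no unknown symbols, so an
# empty SYMBOLS_ line is never produced.
symbols_entry() {
    syms=$(unknown_symbols)
    [ -n "$syms" ] || return 1
    printf '%s="%s"\n' "$(symbols_var "$@")" "$syms"
}

# Constructed sample: timestamps and host name are made up; it includes a
# repeated symbol and an unrelated kernel line to show the filtering.
SAMPLE_LOG='Feb 14 10:01:02 host1 kernel: seos: Unknown symbol exec_shield_randomize
Feb 14 10:01:02 host1 kernel: seos: Unknown symbol do_execve
Feb 14 10:01:02 host1 kernel: usb 1-1: new high speed USB device
Feb 14 10:01:03 host1 kernel: seos: Unknown symbol do_execve'

# Demonstration on the sample. On a live system the input would be the dmesg
# output captured in step 6, e.g.: dmesg | symbols_entry 4 0 AS I86PC SP
printf '%s\n' "$SAMPLE_LOG" | symbols_entry 4 0 AS I86PC SP
```

Compare the printed line with any SYMBOLS_ entry already present in loader_symbols_linux before adding it, since one may already exist for your platform.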