execve("/usr/bin/su", ["su", "-", "build"], 0x7ffe856b9a90 /* 17 vars */) = 0 brk(NULL) = 0x56266c334000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f471000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=13599, ...}) = 0 mmap(NULL, 13599, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f46d000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=67584, ...}) = 0 mmap(NULL, 69656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b0f45b000 mmap(0x7f9b0f45e000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f9b0f45e000 mmap(0x7f9b0f467000, 16384, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f9b0f467000 mmap(0x7f9b0f46b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7f9b0f46b000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14432, ...}) = 0 mmap(NULL, 16464, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b0f456000 mmap(0x7f9b0f457000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f9b0f457000 mmap(0x7f9b0f458000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f9b0f458000 mmap(0x7f9b0f459000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f9b0f459000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\241\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 840, 64) = 840 fstat(3, {st_mode=S_IFREG|0755, st_size=2022664, ...}) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 840, 64) = 840 mmap(NULL, 2063952, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b0f25e000 mmap(0x7f9b0f286000, 1482752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f9b0f286000 mmap(0x7f9b0f3f0000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x192000) = 0x7f9b0f3f0000 mmap(0x7f9b0f443000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e5000) = 0x7f9b0f443000 mmap(0x7f9b0f449000, 52816, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f449000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=186312, ...}) = 0 mmap(NULL, 238056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b0f223000 mmap(0x7f9b0f227000, 57344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f9b0f227000 mmap(0x7f9b0f235000, 110592, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7f9b0f235000 mmap(0x7f9b0f250000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2c000) = 0x7f9b0f250000 mmap(0x7f9b0f252000, 45544, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f252000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=34792, ...}) = 0 mmap(NULL, 32800, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b0f21a000 mmap(0x7f9b0f21c000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f9b0f21c000 mmap(0x7f9b0f220000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f9b0f220000 mmap(0x7f9b0f221000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f9b0f221000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f218000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f216000 arch_prctl(ARCH_SET_FS, 0x7f9b0f219680) = 0 set_tid_address(0x7f9b0f219950) = 3326340 set_robust_list(0x7f9b0f219960, 24) = 0 rseq({cpu_id_start=0, cpu_id=RSEQ_CPU_ID_UNINITIALIZED, rseq_cs=NULL, flags=0, node_id=0, mm_cid=0, slice_ctrl={request=0, granted=0, __reserved=0}, __reserved=0}, 33, 0, 0x53053053) = 0 mprotect(0x7f9b0f443000, 16384, PROT_READ) = 0 mprotect(0x7f9b0f221000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f250000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f46b000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f459000, 4096, PROT_READ) = 0 mprotect(0x562632fc3000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f4b0000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 getrandom("\xde\x0c\x68\xfd\x11\xb8\x79\x60", 8, GRND_NONBLOCK) = 8 munmap(0x7f9b0f46d000, 13599) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY) = 3 fstatfs(3, {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0x4a, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0 read(3, "40\n", 7) = 3 close(3) = 0 prctl(PR_CAPBSET_READ, CAP_CHOWN) = 1 prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) = 0 brk(NULL) = 0x56266c334000 brk(0x56266c355000) = 0x56266c355000 openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=258, ...}) = 0 mmap(NULL, 258, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f470000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=27028, ...}) = 0 mmap(NULL, 27028, PROT_READ, MAP_SHARED, 3, 0) = 0x7f9b0f20f000 close(3) = 0 futex(0x7f9b0f44872c, FUTEX_WAKE_PRIVATE, 2147483647) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0 mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f46f000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=47, ...}) = 0 mmap(NULL, 47, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f46e000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=127, ...}) = 0 mmap(NULL, 127, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f46d000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=62, ...}) = 0 mmap(NULL, 62, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f20e000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0 mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f20d000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=48, ...}) = 0 mmap(NULL, 48, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f20c000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=270, ...}) = 0 mmap(NULL, 270, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f20b000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=1406, ...}) = 0 mmap(NULL, 1406, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f20a000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=3360, ...}) = 0 mmap(NULL, 3360, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f209000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=50, ...}) = 0 mmap(NULL, 50, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f208000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=367708, ...}) = 0 mmap(NULL, 367708, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b0f1ae000 close(3) = 0 getuid() = 0 ioctl(0, TCGETS2, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 ioctl(0, TCGETS2, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 ioctl(0, TCGETS2, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 ioctl(0, TCGETS2, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 fstat(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0), ...}) = 0 readlink("/proc/self/fd/0", "/dev/pts/0", 4095) = 10 newfstatat(AT_FDCWD, "/dev/pts/0", {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0), ...}, 0) = 0 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=494, ...}, 0) = 0 newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0555, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0 read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 494 read(3, "", 4096) = 0 fstat(3, {st_mode=S_IFREG|0644, st_size=494, ...}) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=1099, ...}) = 0 lseek(3, 0, SEEK_SET) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1099 lseek(3, 1030, SEEK_SET) = 1030 close(3) = 0 getuid() = 0 newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=494, ...}, 0) = 0 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=1099, ...}) = 0 lseek(3, 0, SEEK_SET) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1099 lseek(3, 32, SEEK_SET) = 32 close(3) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/su-l", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/pam.d/su-l", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=137, ...}) = 0 read(3, "#%PAM-1.0\nauth\t\tinclude\t\tsu\nacco"..., 4096) = 137 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/su", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=114, ...}) = 0 fstat(4, {st_mode=S_IFREG|0644, st_size=114, ...}) = 0 read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 114 lseek(4, -60, SEEK_CUR) = 54 read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 60 lseek(4, 113, SEEK_SET) = 113 close(4) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/su", O_RDONLY) = -1 ENOENT (No such file or directory) socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/su", O_RDONLY) = -1 ENOENT (No such file or directory) socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", O_RDONLY|O_CLOEXEC) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0644, st_size=14408, ...}) = 0 mmap(NULL, 16400, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f9b0f1a9000 mmap(0x7f9b0f1aa000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1000) = 0x7f9b0f1aa000 mmap(0x7f9b0f1ab000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7f9b0f1ab000 mmap(0x7f9b0f1ac000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7f9b0f1ac000 close(4) = 0 mprotect(0x7f9b0f1ac000, 4096, PROT_READ) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/su", O_RDONLY) = -1 ENOENT (No such file or directory) socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/pam.d/other", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0 read(3, "#\n# /etc/pam.d/other - specify t"..., 4096) = 520 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/common-auth", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1214, ...}) = 0 read(4, "#\n# /etc/pam.d/common-auth - aut"..., 4096) = 1214 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=55376, ...}) = 0 mmap(NULL, 53296, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f19b000 mmap(0x7f9b0f19d000, 32768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f19d000 mmap(0x7f9b0f1a5000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xa000) = 0x7f9b0f1a5000 mmap(0x7f9b0f1a7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7f9b0f1a7000 close(5) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=13599, ...}) = 0 mmap(NULL, 13599, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f9b0f197000 close(5) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=227256, ...}) = 0 mmap(NULL, 258728, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f157000 mmap(0x7f9b0f159000, 106496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f159000 mmap(0x7f9b0f173000, 106496, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1c000) = 0x7f9b0f173000 mmap(0x7f9b0f18d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x36000) = 0x7f9b0f18d000 mmap(0x7f9b0f18f000, 29352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f18f000 close(5) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=194792, ...}) = 0 mmap(NULL, 202224, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f125000 mmap(0x7f9b0f12b000, 131072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x6000) = 0x7f9b0f12b000 mmap(0x7f9b0f14b000, 32768, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x26000) = 0x7f9b0f14b000 mmap(0x7f9b0f153000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2e000) = 0x7f9b0f153000 mmap(0x7f9b0f155000, 5616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f155000 close(5) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=711216, ...}) = 0 mmap(NULL, 713544, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f076000 mmap(0x7f9b0f079000, 503808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x3000) = 0x7f9b0f079000 mmap(0x7f9b0f0f4000, 192512, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x7e000) = 0x7f9b0f0f4000 mmap(0x7f9b0f123000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xac000) = 0x7f9b0f123000 close(5) = 0 mprotect(0x7f9b0f123000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f153000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f18d000, 4096, PROT_READ) = 0 mprotect(0x7f9b0f1a7000, 4096, PROT_READ) = 0 statfs("/sys/fs/selinux", 0x7ffcb1b69760) = -1 ENOENT (No such file or directory) statfs("/selinux", 0x7ffcb1b69760) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_CLOEXEC) = 5 fstat(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 read(5, "nodev\tsysfs\nnodev\ttmpfs\nnodev\tbd"..., 1024) = 387 read(5, "", 1024) = 0 close(5) = 0 access("/etc/selinux/config", F_OK) = -1 ENOENT (No such file or directory) munmap(0x7f9b0f197000, 13599) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=14040, ...}) = 0 mmap(NULL, 16400, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f071000 mmap(0x7f9b0f072000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1000) = 0x7f9b0f072000 mmap(0x7f9b0f073000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f073000 mmap(0x7f9b0f074000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f074000 close(5) = 0 mprotect(0x7f9b0f074000, 4096, PROT_READ) = 0 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=14336, ...}) = 0 mmap(NULL, 16400, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f06c000 mmap(0x7f9b0f06d000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1000) = 0x7f9b0f06d000 mmap(0x7f9b0f06e000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f06e000 mmap(0x7f9b0f06f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f06f000 close(5) = 0 mprotect(0x7f9b0f06f000, 4096, PROT_READ) = 0 read(4, "", 4096) = 0 close(4) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/common-account", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1208, ...}) = 0 read(4, "#\n# /etc/pam.d/common-account - "..., 4096) = 1208 read(4, "", 4096) = 0 close(4) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/common-password", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1620, ...}) = 0 read(4, "#\n# /etc/pam.d/common-password -"..., 4096) = 1620 read(4, "", 4096) = 0 close(4) = 0 newfstatat(AT_FDCWD, "/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/pam.d/common-session", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1180, ...}) = 0 read(4, "#\n# /etc/pam.d/common-session - "..., 4096) = 1180 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", O_RDONLY|O_CLOEXEC) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=14336, ...}) = 0 mmap(NULL, 16400, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9b0f067000 mmap(0x7f9b0f068000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1000) = 0x7f9b0f068000 mmap(0x7f9b0f069000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f069000 mmap(0x7f9b0f06a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f9b0f06a000 close(5) = 0 mprotect(0x7f9b0f06a000, 4096, PROT_READ) = 0 read(4, "", 4096) = 0 close(4) = 0 read(3, "", 4096) = 0 close(3) = 0 socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_AUDIT) = 3 readlink("/proc/self/exe", "/usr/bin/su", 4096) = 11 uname({sysname="Linux", nodename="bad9-desktop", ...}) = 0 sendto(3, [{nlmsg_len=140, nlmsg_type=0x44c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1, nlmsg_pid=0}, "\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x67\x72\x61\x6e\x74\x6f\x72\x73\x3d\x3f"...], 140, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 140 poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}]) recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=1, nlmsg_pid=3326340}, {error=0, msg={nlmsg_len=140, nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=1, nlmsg_pid=3326340}, {error=0, msg={nlmsg_len=140, nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36 close(3) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_DROPPABLE|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f19a000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b0f199000 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 getrandom("\x69\x10\x66\x30\xb4\xc6\xf0\x4a\x80\x60\x32\x8d\xb2\x04\x6c\xd1\x5d\x9d\xf8\x47\x0a\xf8\x84\x55\xa6\x1b\x0e\x9e\x63\x74\xfa\xa0", 32, 0) = 32 getpid() = 3326340 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 getpid() = 3326340 openat(AT_FDCWD, "/var/log/btmp", O_WRONLY|O_CLOEXEC) = 3 alarm(0) = 0 rt_sigaction(SIGALRM, {sa_handler=0x7f9b0f3c23a0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f9b0f29ee30}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 alarm(10) = 0 fcntl(3, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0 alarm(0) = 10 rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f9b0f29ee30}, NULL, 8) = 0 lseek(3, 0, SEEK_END) = 1920 write(3, "\6\0\0\0\204\3012\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl(3, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0 close(3) = 0 munmap(0x7f9b0f1a9000, 16400) = 0 munmap(0x7f9b0f19b000, 53296) = 0 munmap(0x7f9b0f157000, 258728) = 0 munmap(0x7f9b0f125000, 202224) = 0 munmap(0x7f9b0f076000, 713544) = 0 munmap(0x7f9b0f071000, 16400) = 0 munmap(0x7f9b0f06c000, 16400) = 0 munmap(0x7f9b0f067000, 16400) = 0 openat(AT_FDCWD, "/etc/login.defs", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=4687, ...}) = 0 read(3, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096 read(3, "#\n# The pwck(8) utility emits a "..., 4096) = 591 read(3, "", 4096) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/default/su", O_RDONLY) = -1 ENOENT (No such file or directory) clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=1, tv_nsec=0}, 0x7ffcb1b6a490) = 0 write(2, "su: ", 4su: ) = 4 write(2, "Permission denied", 17Permission denied) = 17 write(2, "\n", 1 ) = 1 dup(1) = 3 close(3) = 0 dup(2) = 3 close(3) = 0 exit_group(1) = ? +++ exited with 1 +++