Bug 165610
Summary: | Debug output in console | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mephisto <mephisto> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | dwmw2 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-08-17 14:04:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mephisto
2005-08-10 19:17:17 UTC
This sounds like a kernel problem that might have been fixed. What kernel are you using? Do you have the audit daemon running? i'm using a custom kernel, but the kernel wasn't the problem here. i didn't have the audit deamon installed. the problem went away after installing the audit package (i only had the libs) and starting the deamon. seems like it was just a dependency problem in the package then, cause the deamon doesn't get installed after an FC3->FC4 upgrade. There is no dependency problem. The messages on the console stem from a kernel bug that may not have been patched. Installing the audit daemon was a temporary workaround that I was going to suggest. What patch do i need to apply to my kernel to solve this problem? I'm using 2.6.12.4. And is that patch still necessary with the 2.6.13 series? Most likely, kernel/audit.c, audit_receive_msg(), sb: case AUDIT_USER: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: if (!audit_enabled && msg_type != AUDIT_USER_AVC) return 0; I don't know if this is upstream yet. Why was this reassigned to the kernel? It's userspace which is violating the Fedora policies about working (properly) with the upstream and older kernels as much as possible. We shouldn't be generating these audit messages in the default case -- they should be generated only when the system is explicitly configured to do so. This bug should probably be cloned and assigned to pam, sshd, crond, etc. Or possibly fixed in audit-libs. This bug was assigned to the kernel since the kernel is missing the above patch. But after further review, the reporter is using a custom kernel. I really can't solve that problem. The design of the system depends on the kernel making the decision about how to disposition the audit event. Upstream should have all the audit patches soon. The bug reporter found a workaround, booting with audit=0 might also help. |