Bug 2259610
| Summary: | Upgrade from audit 3 to audit 4 stops the audit service | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Miroslav Vadkerti <mvadkert> |
| Component: | audit | Assignee: | Steve Grubb <sgrubb> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | scorreia, sgrubb |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | audit-3.1.2-8.fc39 audit-3.1.2-8.fc38 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2024-01-29 06:25:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I think the scriptlets need to be redesigned. One of the changes was moving from "service" based commands to auditctl --signal to reduce dependencies. I think this is exposing an ordering problem of the scriptlets. I think I need to wait until after the mass rebuild is merged to update the package, though. FEDORA-2024-71840c5566 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-71840c5566 FEDORA-2024-0327723e2f has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-0327723e2f FEDORA-2024-0327723e2f has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-0327723e2f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-0327723e2f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-71840c5566 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-71840c5566` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-71840c5566 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-0327723e2f has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2024-71840c5566 (audit-3.1.2-8.fc38) has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. |
If we update from audit 3 to the new audit 4, the auditd service stops working: # systemctl status auditd ○ auditd.service - Security Audit Logging Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; preset: enabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: inactive (dead) since Mon 2024-01-22 11:43:14 UTC; 1min 18s ago Duration: 1min 1.678s Docs: man:auditd(8) https://github.com/linux-audit/audit-documentation Main PID: 742 (code=exited, status=0/SUCCESS) CPU: 76ms Jan 22 11:42:12 localhost systemd[1]: Starting auditd.service - Security Auditing Service... Jan 22 11:42:12 localhost auditd[742]: No plugins found, not dispatching events Jan 22 11:42:12 localhost auditd[742]: Init complete, auditd 3.1.2 listening for events (startup state enable) Jan 22 11:42:12 localhost augenrules[759]: No rules Jan 22 11:42:12 localhost systemd[1]: Started auditd.service - Security Auditing Service. Jan 22 11:43:14 ip-172-31-25-202.us-east-2.compute.internal auditd[742]: The audit daemon is exiting. Jan 22 11:43:14 ip-172-31-25-202.us-east-2.compute.internal systemd[1]: auditd.service: Deactivated successfully. Reproducible: Always Steps to Reproduce: 1. Install system with audit 3 2. Upgrade to audit 4 Actual Results: auditd service stopped Expected Results: auditd service running Found out in CI, auditd should be gated in Fedora and properly tested. Setting severity High as this will soon hit stable releases and later possibly Fedora if not addressed.