Bug 1260148 - BUG: SELinux AVC messages silently dropped by the audit subsystem in early boot
BUG: SELinux AVC messages silently dropped by the audit subsystem in early boot
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Paul Moore
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-04 10:37 EDT by Paul Moore
Modified: 2016-06-02 16:23 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-06-02 16:23:08 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul Moore 2015-09-04 10:37:41 EDT
Description of problem:
On occasion SELinux AVC denials are dropped by the audit subsystem during early boot without any warnings about dropped audit records. 

Additional info:
Reported as an issue with Android kernels but it is expected to be a problem with standard kernels as well.
Comment 1 Paul Moore 2015-09-04 10:42:49 EDT
I suspect this may be an issue with using the shared printk_ratelimit() limiter in audit_printk_skb() and audit_log_lost(); we probably should implement an audit specific rate limit to prevent other subsystems from squelching audit messages, especially those in audit_log_lost().
Comment 2 Paul Moore 2016-06-02 16:23:08 EDT
We are now tracking upstream bugs via GitHub:

* https://github.com/linux-audit/audit-kernel/issues/17

Note You need to log in before you can comment on or make changes to this bug.