Bug 490072 - auditd hangs on startup if kernel is not compiled with auditing, causing boot to fail
Summary: auditd hangs on startup if kernel is not compiled with auditing, causing boot...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: audit
Version: 10
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: Steve Grubb
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-13 03:52 UTC by Linus Torvalds
Modified: 2009-03-18 18:54 UTC (History)
1 user (show)

Fixed In Version: 1.7.12-3.fc10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-03-18 18:54:38 UTC


Attachments (Terms of Use)

Description Linus Torvalds 2009-03-13 03:52:26 UTC
Description of problem:

The Fedora-10 boot sequence fails if the kernel is compiled with CONFIG_AUDIT=n

Version-Release number of selected component (if applicable):

audit-1.7.12-1.fc10.x86_64


How reproducible:

100% reproducible


Steps to Reproduce:
1. Configure kernel without CONFIG_AUDIT
2. Try to boot the system with 'auditd' enabled
3. No profit!
  
Actual results:

Hung boot, no login, no nothing

Expected results:

Auditd should just exit and the boot should continue, the way it used to work.

Additional info:

An 'strace' of the failure (done by disabling audit, booting into a kernel without auditing support, and then trying to enable auditing again) shows

3138  pipe([3, 4])                      = 0
3138  fcntl(3, F_SETFD, FD_CLOEXEC)     = 0
3138  fcntl(3, F_SETFD, FD_CLOEXEC)     = 0
3138  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7285cf2780) = 3139
3138  read(3,  <unfinished ...>

and note how buggy this is? That process 3138 should have closed its own copy of the output pipe (fd 4), but because it didn't do that, now when the child dies, the read() will never finish _anyway_, because the pipe writer is still open.

This bug seems to have been introduced about a week ago when I did a yum update on this machine:

/var/log/messages-20090308:Mar  4 07:51:47 nehalem yum: Updated: audit-libs-1.7.12-1.fc10.x86_64
/var/log/messages-20090308:Mar  4 07:51:49 nehalem yum: Updated: audit-1.7.12-1.fc10.x86_64
/var/log/messages-20090308:Mar  4 07:51:49 nehalem yum: Updated: audit-libs-python-1.7.12-1.fc10.x86_64

because before this, I've happily run Fedora-10 without audit support in the kernel forever.

Comment 1 Linus Torvalds 2009-03-13 03:58:19 UTC
Oh, side note: I didn't actually confirm that it's CONFIG_AUDIT itself that is the only thing missing. I'm not going to bother enabling auditing in the kernel to see exactly what it is that makes auditd fail.

But the strace seems to imply that the failure to open /proc/self/loginuid is what makes the auditd children exit - it's just that auditd itself never exits once the children have exited, because as per above the 'read()' will never finish due to there still being a writer.

Comment 2 Steve Grubb 2009-03-13 10:01:04 UTC
This problem was fixed in rawhide about a week ago. I'll push the change out to F-10 soon. Just in case you wanted the fix, it is here:

https://fedorahosted.org/audit/changeset/265

Comment 3 Fedora Update System 2009-03-15 00:20:18 UTC
audit-1.7.12-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/audit-1.7.12-3.fc10

Comment 4 Steve Grubb 2009-03-15 00:23:54 UTC
I built a new audit package that should fix this problem. I was waiting till a little closer to 2.6.29 release to push this out in case something else needed to be included in an update. In any event, please give the 1.7.12-3 package a try and see if that doesn't work better for you. Thanks for reporting the problem.

Comment 5 Fedora Update System 2009-03-16 19:46:00 UTC
audit-1.7.12-3.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update audit'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2729

Comment 6 Steve Grubb 2009-03-17 20:26:12 UTC
The updated audit package has been requested to be moved to the stable updates repository and should be available to everyone on the next push. Thanks for reporting the bug.

Comment 7 Fedora Update System 2009-03-18 18:54:32 UTC
audit-1.7.12-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.