Bug 490072 - auditd hangs on startup if kernel is not compiled with auditing, causing boot to fail
auditd hangs on startup if kernel is not compiled with auditing, causing boot...
Product: Fedora
Classification: Fedora
Component: audit (Show other bugs)
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Steve Grubb
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-03-12 23:52 EDT by Linus Torvalds
Modified: 2009-03-18 14:54 EDT (History)
1 user (show)

See Also:
Fixed In Version: 1.7.12-3.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-03-18 14:54:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Linus Torvalds 2009-03-12 23:52:26 EDT
Description of problem:

The Fedora-10 boot sequence fails if the kernel is compiled with CONFIG_AUDIT=n

Version-Release number of selected component (if applicable):


How reproducible:

100% reproducible

Steps to Reproduce:
1. Configure kernel without CONFIG_AUDIT
2. Try to boot the system with 'auditd' enabled
3. No profit!
Actual results:

Hung boot, no login, no nothing

Expected results:

Auditd should just exit and the boot should continue, the way it used to work.

Additional info:

An 'strace' of the failure (done by disabling audit, booting into a kernel without auditing support, and then trying to enable auditing again) shows

3138  pipe([3, 4])                      = 0
3138  fcntl(3, F_SETFD, FD_CLOEXEC)     = 0
3138  fcntl(3, F_SETFD, FD_CLOEXEC)     = 0
3138  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7285cf2780) = 3139
3138  read(3,  <unfinished ...>

and note how buggy this is? That process 3138 should have closed its own copy of the output pipe (fd 4), but because it didn't do that, now when the child dies, the read() will never finish _anyway_, because the pipe writer is still open.

This bug seems to have been introduced about a week ago when I did a yum update on this machine:

/var/log/messages-20090308:Mar  4 07:51:47 nehalem yum: Updated: audit-libs-1.7.12-1.fc10.x86_64
/var/log/messages-20090308:Mar  4 07:51:49 nehalem yum: Updated: audit-1.7.12-1.fc10.x86_64
/var/log/messages-20090308:Mar  4 07:51:49 nehalem yum: Updated: audit-libs-python-1.7.12-1.fc10.x86_64

because before this, I've happily run Fedora-10 without audit support in the kernel forever.
Comment 1 Linus Torvalds 2009-03-12 23:58:19 EDT
Oh, side note: I didn't actually confirm that it's CONFIG_AUDIT itself that is the only thing missing. I'm not going to bother enabling auditing in the kernel to see exactly what it is that makes auditd fail.

But the strace seems to imply that the failure to open /proc/self/loginuid is what makes the auditd children exit - it's just that auditd itself never exits once the children have exited, because as per above the 'read()' will never finish due to there still being a writer.
Comment 2 Steve Grubb 2009-03-13 06:01:04 EDT
This problem was fixed in rawhide about a week ago. I'll push the change out to F-10 soon. Just in case you wanted the fix, it is here:

Comment 3 Fedora Update System 2009-03-14 20:20:18 EDT
audit-1.7.12-3.fc10 has been submitted as an update for Fedora 10.
Comment 4 Steve Grubb 2009-03-14 20:23:54 EDT
I built a new audit package that should fix this problem. I was waiting till a little closer to 2.6.29 release to push this out in case something else needed to be included in an update. In any event, please give the 1.7.12-3 package a try and see if that doesn't work better for you. Thanks for reporting the problem.
Comment 5 Fedora Update System 2009-03-16 15:46:00 EDT
audit-1.7.12-3.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update audit'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2729
Comment 6 Steve Grubb 2009-03-17 16:26:12 EDT
The updated audit package has been requested to be moved to the stable updates repository and should be available to everyone on the next push. Thanks for reporting the bug.
Comment 7 Fedora Update System 2009-03-18 14:54:32 EDT
audit-1.7.12-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.