enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #08641
[Bug 1952774] [NEW] vfs_full_audit stopped honoring filters
Public bug reported:
Ubuntu version:
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Package version:
samba-vfs-modules:
Installed: 2:4.13.14+dfsg-0ubuntu0.20.04.2
Candidate: 2:4.13.14+dfsg-0ubuntu0.20.04.2
Version table:
*** 2:4.13.14+dfsg-0ubuntu0.20.04.2 500
500 http://fr.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
100 /var/lib/dpkg/status
2:4.13.14+dfsg-0ubuntu0.20.04.1 500
500 http://fr.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
2:4.11.6+dfsg-0ubuntu1 500
500 http://fr.archive.ubuntu.com/ubuntu focal/main amd64 Packages
Expected:
Since last update on Ubuntu Focal, I'm using samba 4.13.14 (samba-vfs-
modules == 2:4.13.14+dfsg-0ubuntu0.20.04.2). On one of my shares, I
enabled vfs_full_audit, like :
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = open opendir create_file unlink rename chmod chown
full_audit:failure = all !open !readdir_attr !translate_name !get_dos_attributes !getxattr !durable_cookie !get_real_filename !stat
full_audit:facility = LOCAL7
full_audit:priority = ALERT
And until that upgrade (I was on 4.11 before, IIRC), it worked fine : I
had it only spit allowed ops (plus a few more, but the impact on logsize
was minimal).
What happened:
Now, I'm catching MUCH more ops that I should, like for instance
(longer, more exhaustive log attached) :
2129 chdir
854 close
204 closedir
2 connect
1062 connectpath
820 create_file
1 disconnect
1098 fcntl
204 fdopendir
12262 file_id_create
2 fs_capabilities
72 fsctl
4416 fs_file_id
1062 fstat
5328 get_alloc_size
3799 get_dos_attributes
5967 get_nt_acl_at
109 getwd
3799 getxattr
348 kernel_flock
3917 listxattr
1062 openat
802 pread_recv
802 pread_send
5743 readdir
1066 realpath
3 seekdir
19024 stat
2 statvfs
18 streaminfo
802 strict_lock_check
8281 sys_acl_get_file
5301 telldir
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "samba_audit.log"
https://bugs.launchpad.net/bugs/1952774/+attachment/5544382/+files/samba_audit.log
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1952774
Title:
vfs_full_audit stopped honoring filters
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1952774/+subscriptions
Follow ups