← Back to team overview

kernel-packages team mailing list archive

[Bug 1473584] [NEW] AUDIT_USER_AVC messages are not printk'ed when auditd is not running

 

Public bug reported:

The auditd daemon is not part of the default phone images. At the kernel
level, the audit_enabled variable remains 0 until an auditd daemon
registers itself. There is a bug in old kernels that causes
AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
the bug several years ago and marked the patch for the stable tree but
the phone kernels (mako, at least) did not pull in the patch. The
upstream commit id is:

  0868a5e150bc4c47e7a003367cd755811eb41e0b

What this means for our phone images is that any denial messages from
the system D-Bus daemon are dropped instead of being properly routed to
the syslog. This results in headaches for debugging app confinement
denials.

** Affects: linux-flo (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress

** Affects: linux-mako (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress

** Affects: linux-manta (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  In Progress
Status in linux-mako package in Ubuntu:
  In Progress
Status in linux-manta package in Ubuntu:
  In Progress

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions


Follow ups