
Issue 681859


Issue metadata

Status: Duplicate
Merged: issue 653575
Closed: Jan 2017
OS: Chrome
Pri: 2
Type: Bug




Get SELinux log spam out of /var/log/messages

Project Member Reported by derat@chromium.org, Jan 17 2017

Issue description

When I look in /var/log/messages on a Chromebook, it's often full of useless-seeming SELinux audit messages. For example (from a veyron_speedy running 8872.76.0):

2017-01-14T05:29:12.287008-07:00 DEBUG kernel: [31566.234803] SELinux: initialized (dev proc, type proc), uses genfs_contexts
2017-01-14T05:29:13.146906-07:00 NOTICE kernel: [31567.092076] audit: type=1400 audit(1484396953.130:1286): avc:  denied  { ioctl } for  pid=1845 comm="netfilter-queue" path="socket:[318227]" dev="sockfs" ino=318227 ioctlcmd=8910 scontext=u:r:chromeos:s0 tcontext=u:r:chromeos:s0 tclass=unix_dgram_socket permissive=1
2017-01-14T05:29:13.146937-07:00 NOTICE kernel: [31567.092570] audit: type=1400 audit(1484396953.130:1287): avc:  denied  { ioctl } for  pid=1845 comm="netfilter-queue" path="socket:[318229]" dev="sockfs" ino=318229 ioctlcmd=8910 scontext=u:r:chromeos:s0 tcontext=u:r:chromeos:s0 tclass=unix_dgram_socket permissive=1
2017-01-14T05:29:13.156909-07:00 NOTICE kernel: [31567.104273] audit: type=1400 audit(1484396953.140:1288): avc:  denied  { ioctl } for  pid=1845 comm="netfilter-queue" path="socket:[318232]" dev="sockfs" ino=318232 ioctlcmd=8910 scontext=u:r:chromeos:s0 tcontext=u:r:chromeos:s0 tclass=unix_dgram_socket permissive=1
2017-01-14T05:31:15.627548-07:00 NOTICE kernel: [31689.574258] audit: type=1400 audit(1484397075.610:1289): avc:  denied  { ioctl } for  pid=1845 comm="netfilter-queue" path="socket:[323983]" dev="sockfs" ino=323983 ioctlcmd=8910 scontext=u:r:chromeos:s0 tcontext=u:r:chromeos:s0 tclass=unix_dgram_socket permissive=1

Is it straightforward to divert these to a different log file, if we can't disable them entirely?
 
Owner: lhchavez@chromium.org
Status: Assigned (was: Untriaged)
I thought Luis had tried to fix these.

Comment 2 by derat@chromium.org, Jan 17 2017

Thanks. I think I possibly see less of this on a ToT kevin device, but there are still bits and pieces:

2017-01-17T09:25:03.085756-07:00 NOTICE kernel: [  205.925876] audit: type=1400 audit(1484670303.083:17): avc:  denied  { read } for  pid=8704 comm="Binder_2" name="/" dev="tmpfs" ino=29512 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
2017-01-17T09:25:03.153774-07:00 NOTICE kernel: [  205.994016] audit: type=1400 audit(1484670303.152:18): avc:  denied  { search } for  pid=8704 comm="Binder_2" name="52" dev="proc" ino=34229 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=dir permissive=0
Mergedinto: 653575
Status: Duplicate (was: Assigned)
Permissive logspam was fixed by djkurtz@ in R56 and R57 (crbug.com/653575). Merge to M55 was not approved.

Actual denials still go to /var/log/messages (or logcat). IIRC the previous owner (rickyz@) mentioned it was difficult to move those logs elsewhere.
