auditd failing on lulu (x86_64 kernel 3.14) and elm (aarch64 kernel 3.18)
Issue description
Running auditd is a popular method for debugging system events for CrOS developers. On my lulu 3.14 kernel board auditd fails right at the start of main while checking if the process has CAP_AUDIT_CONTROL: https://github.com/linux-audit/audit-userspace/blob/master/src/auditd.c#L664 --> https://github.com/linux-audit/audit-userspace/blob/master/lib/libaudit.c#L1845 . Not sure why this check is failing, since I'm running the program as root and can confirm it has CAP_AUDIT_CONTROL (as well as all the other caps) in its effective set. Could be some incompatibility/problem with libcap-ng? If I comment the check out everything in audit works as expected (of course, since I'm running as root with full caps in developer shell).
Jul 10
Jul 10
vapier@, do you know who I should ask about this?
Jul 10
i think this scenario would be self service and ask for help on chromium-os-dev@ mailing list
based on the code in libaudit.c and how it checks for many MACH_xxx values (including aarch64), i'd say it's expected to work on all platforms where the kernel port itself supports audit (not all do iirc)
glancing at the code, the NO_TABLES define makes me wonder if it's a cross-compile issue where it tries to generate some tables at build time but uses the host settings which don't match the target board
or maybe the code can't handle a change in the set of available caps ... we had to deal with that in minijail in https://chromium-review.googlesource.com/50702
Jul 10
ok thanks for the advice
Jul 17
i believe the problem is related to this post, putting it down here for (my own) reference: https://www.redhat.com/archives/linux-audit/2015-July/msg00032.html
Jul 17
The elm issue seems to indeed be a cross-compile issue, since audit-2.6.4/work/audit-2.6.4-.arm/lib/machinetabs.h should look like this for the elm board (ARM): https://github.com/nwhusted/AuditdAndroid/blob/master/lib/machinetabs.h but instead looks like the following:

/* This is a generated file, see Makefile.am for its inputs. */
static const char machine_strings[] = "i386\0i486\0i586\0i686\0ia64\0ppc\0ppc64\0ppc64le\0s390\0s390x\0"
	"x86_64";
static const unsigned machine_s2i_s[] = {
	0,5,10,15,20,25,29,35,43,48,
	54,
};
static const int machine_s2i_i[] = {
	0,0,0,0,2,4,3,10,6,5,
	1,
};
static int machine_s2i(const char *s, int *value) {
	size_t len, i;
	len = strlen(s);
	{ char copy[len + 1];
	for (i = 0; i < len; i++) {
		char c = s[i];
		copy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c;
	}
	copy[i] = 0;
	return s2i__(machine_strings, machine_s2i_s, machine_s2i_i, 11, copy, value);
	}
}
static const unsigned machine_i2s_direct[] = {
	0,54,20,29,25,48,43,-1u,-1u,-1u,
	35,
};
static const char *machine_i2s(int v) {
	return i2s_direct__(machine_strings, machine_i2s_direct, 0, 10, v);
}

The rest of the generated files are probably wrong as well. A couple more references:
- https://lists.yoctoproject.org/pipermail/yocto/2013-October/016735.html
- https://lists.yoctoproject.org/pipermail/yocto/2015-August/026176.html
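A build-time check for the mismatch described in the comment above, as an added example that is not part of the original thread or of the audit project's code: it decodes the string and offset arrays of a generated machinetabs.h and reports which target machine names are missing. The helper names are hypothetical, the embedded header is copied from the arrays quoted above, and using "aarch64" as the name the elm target reports from `uname -m` is an assumption.

```python
import re

# Sample input: the table arrays quoted in the comment above for the elm build.
HEADER = r'''
static const char machine_strings[] = "i386\0i486\0i586\0i686\0ia64\0ppc\0ppc64\0ppc64le\0s390\0s390x\0"
    "x86_64";
static const unsigned machine_s2i_s[] = {
    0,5,10,15,20,25,29,35,43,48,
    54,
};
static const int machine_s2i_i[] = {
    0,0,0,0,2,4,3,10,6,5,
    1,
};
'''

def _int_array(src, name):
    """Parse the integer initializer list of the array called `name`."""
    body = re.search(name + r"\[\]\s*=\s*\{(.*?)\}", src, re.S).group(1)
    return [int(tok) for tok in re.findall(r"-?\d+", body)]

def decode_machine_table(src):
    """Return {machine name: machine id} decoded from a generated machinetabs.h."""
    decl = re.search(r"machine_strings\[\]\s*=\s*(.*?);", src, re.S).group(1)
    # Adjacent C string literals concatenate; "\0" separates the names.
    blob = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', decl)).replace("\\0", "\0")
    offsets = _int_array(src, "machine_s2i_s")
    ids = _int_array(src, "machine_s2i_i")
    if len(offsets) != len(ids):
        raise ValueError("offset and id arrays differ in length")
    table = {}
    for off, mach_id in zip(offsets, ids):
        end = blob.find("\0", off)
        table[blob[off:end if end != -1 else len(blob)]] = mach_id
    return table

def missing_machines(src, wanted):
    """Names from `wanted` (e.g. the target's `uname -m`) absent from the table."""
    table = decode_machine_table(src)
    return [name for name in wanted if name.lower() not in table]

if __name__ == "__main__":
    print(decode_machine_table(HEADER))
    print("missing:", missing_machines(HEADER, ["x86_64", "aarch64"]))
```

Run against the machinetabs.h in the board's work directory, a non-empty result means the tables were generated for a different machine set than the target.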
Jul 18
nrpeter@, not sure if you are interested in the userspace component of the Linux Audit system or not, but I've had some problems running the userspace component on different boards (esp. ARM) lately. Might be a simple fix, I'm not sure.
Jul 18
Comment 1 by mortonm@chromium.org, Jul 10