auditd icon indicating copy to clipboard operation
auditd copied to clipboard

Published 20 hours ago verified publisher icon Neo23x0

linux kernel oops

Open turbo-cafe opened this issue 4 years ago • 5 comments
trafficstars

starting with v5.11.7 kernel goes into oops mode starting auditd service. Sorry I don't have more specific information since I don't know how to debug auditd rules.

turbo-cafe avatar May 19 '21 16:05 turbo-cafe

Can you post up a bit more details about what you mean by that (sorry, maybe it's only me but I'm not sure I understand this correctly). Thank you!

fintzd avatar Jun 29 '21 17:06 fintzd

When using audit.rules from the repo I wasnt able to boot PC, like I used to, with newer kernels (started with 5.11.7). With rules imported and auditd service active kernel would panic (specifically it goes into oops mode) and fail to boot into desktop. Because of that I stopped using audit.rules with kernels > 5.11.7, I'm sorry I lack skill to provide debug information.

turbo-cafe avatar Sep 23 '21 04:09 turbo-cafe

@turbo-cafe which distro are you using right now? I have a Fedora33 installed (5.14.9-100.fc33.x86_64) and the ruleset haven't break anything and works so far. (Ofc it throws a few error on some missing files but that is painless.)

Try to load the ruleset manually from anywhere like:

auditctl -R audit.rules

And please, share the error what got. Thanks!

kovacs-andras avatar Oct 11 '21 15:10 kovacs-andras

@kovacs-andras I use https://getsol.us if I load ruleset with command above my thinkpad hangs, so no debug info

turbo-cafe avatar Nov 06 '21 18:11 turbo-cafe

Using these rules on Debian with 5.10.0-16-amd64 and 5.18.0-2-amd64 without seeing this issue.

lpirl avatar Jul 13 '22 11:07 lpirl

Not reproducible anymore. Closing.

turbo-cafe avatar Sep 02 '23 05:09 turbo-cafe