On 2019-07-14 at 23:23:35, Colin Watson wrote:
> Judging from this, the crash (or is it a hang? I'm assuming a crash) is
> near the start of ensure_minimum_time_since, probably inside
> monotime_ts. I suspect there's something wrong with the seccomp
> sandboxing of the privileged monitor process on mipsel.
Yes, I also think it's a crash. It doesn't hang at all.
> Could you try installing the auditd package, and then running this
> before starting sshd:
>
> auditctl -a exit,always -F uid="$(id -u sshd)"
auditd fails to start after installation (and restart doesn't help):
$ systemctl status auditd
● auditd.service - Security Auditing Service
Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor
preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-07-15 05:03:21 UTC; 3min
8s ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 6841 ExecStart=/sbin/auditd (code=exited, status=1/FAILURE)
Jul 15 05:03:21 gnubee-n1.gnubee systemd[1]: Starting Security Auditing
Service...
Jul 15 05:03:21 gnubee-n1.gnubee systemd[1]: auditd.service: Control process
exited, code=exited, status=1/FAILURE
Jul 15 05:03:21 gnubee-n1.gnubee systemd[1]: auditd.service: Failed with
result 'exit-code'.
Jul 15 05:03:21 gnubee-n1.gnubee systemd[1]: Failed to start Security
Auditing Service.
$ auditctl -a exit,always -F uid="$(id -u sshd)"
Error - audit support not in kernel
Cannot open netlink audit socket
Looks like I might be missing some kernel features. Perhaps sandboxing in
openssh also relies on something that's not compiled in either? Is there an
easy way to check?
By the way, this machine is sadly not using a Debian kernel. It's using
librecmc-ramips-mt7621-gb-pc1-squashfs-sysupgrade_2017-11-28.bin from
https://github.com/gnubee-git/gnubee-git.github.io/blob/master/debian/.
$ uname -a
Linux gnubee-n1.gnubee 4.4.87-gnu #0 SMP Wed Nov 22 13:06:13 2017 mips
GNU/Linux
Francois
--
https://fmarier.org/
