On Wednesday, February 6, 2019 at 5:59:56 PM UTC+1, Marcus Linsner wrote: > On Wednesday, August 22, 2018 at 11:08:44 PM UTC+2, Marcus Linsner wrote: > > "Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) > > temperatures in the panel. (eg. RMB on panel, Panel->Add New > > Items...->Search: ->Sensor plugin) > > > > Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 > > second, however this means it would generate 2 dmesg audit messages every > > second AND they are flushed to the disk(judging by the case HDD led > > flashing). > > > > [ 93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 > > uid=1000 auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser > > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? > > res=success' > > [ 93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 > > uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit > > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? > > res=success' > > > > > > Is there some way to turn these off? if not all the audit messages. > > audit=0 in /proc/cmdline did it > that is, for me, > sudo vim /boot/efi/EFI/qubes/xen.cfg > and add it at the end of lines like: > > kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root > rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b > rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard > root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 > log_buf_len=16M printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on > mminit_loglevel=0 memory_corruption_check=1 fbcon=scrollback:4096k > fbcon=font:ProFont6x11 net.ifnames=1 pax_sanitize_slab=full console=tty1 > earlyprintk=vga systemd.log_target=kmsg systemd.journald.forward_to_console=1 > udev.children-max=1256 rd.udev.children-max=1256 rhgb sysrq_always_enabled > random.trust_cpu=off audit=0 > > however now I've: > [11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q /dev/sda' > with root privileges on behalf of 'ctor' > as a spam, every second. > > I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set it > now via: > sudo chmod u+s /usr/sbin/hddtemp > > the spam still happens, but maybe a reboot is in order, unless > xfce4-sensors-plugin is calling userhelper itself? > > [ctor@dom0 ~]$ rpm -qf `which userhelper` > usermode-1.111-8.fc24.x86_64 > > I'll go reboot, if it works I won't post again, otherwise I'll keep trying to > find a way to get rid of this spam.
suid+reboot didn't work, but looks like I've encountered this before here: https://groups.google.com/d/msg/qubes-devel/NfVQi0HXWEY/uiw23yq2CgAJ and it is a loglevel 15 message <15>[ 87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q /dev/sda' with root privileges on behalf of 'ctor' so, in the worst case all I have to do is find out how to tell systemd/journald to not store it, which frankly I've no idea how, since it only accepts 0-7 numbers according to man journald.conf for MaxLevelStore= and yet that level 15 message still lands in journalctl -b 0 but perhaps other forwarding settings are in effect which make it so. MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, MaxLevelWall= Controls the maximum log level of messages that are stored on disk, forwarded to syslog, kmsg, the console or wall (if that is enabled, see above). As argument, takes one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", or integer values in the range of 0-7 (corresponding to the same levels). Messages equal or below the log level specified are stored/forwarded, messages above are dropped. Defaults to "debug" for MaxLevelStore= and MaxLevelSyslog=, to ensure that the all messages are written to disk and forwarded to syslog. Defaults to "notice" for MaxLevelKMsg=, "info" for MaxLevelConsole=, and "emerg" for MaxLevelWall=. So, since 'debug' is 7, it stands to reason that a level 15 message won't be seen, unless ... I'm missing something. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a93d3ae-5811-4fd3-b69c-8bb10f1e9123%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
