[Touch-packages] [Bug 1989599] Re: Random auditd start failures on Ubuntu 20.04 EC2 AMIs
Also seeing this intermittently on Debian 10 / latest kernel 4.19 there, so it appears to be something kernel related that was backported as the original report here mentions 5.15. The workaround I've come up with (not fully validated yet, but manually starting when it fails on boot seems to work) is to add a systemd override (systemctl edit auditd.service) like follows: [Unit] StartLimitBurst=5 StartLimitIntervalSec=60 [Service] Restart=on-failure RestartSec=5 Kinda gross, but better than having audit messages spam dmesg. I didn't bisect, but I suspect it's one of these: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/kernel/audit.c?h=v4.19.306 audit: ensure userspace is penalized the same as the kernel when under pressure audit: improve audit queue handling when "audit=1" on cmdline Might be worthwhile to try reverting those and rebuilding kernel to see if the issue persists. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to audit in Ubuntu. https://bugs.launchpad.net/bugs/1989599 Title: Random auditd start failures on Ubuntu 20.04 EC2 AMIs Status in audit package in Ubuntu: Confirmed Bug description: Description:Ubuntu 20.04.5 LTS Release:20.04 linux-image-aws 5.15.0.1019.23~20.04.11 auditd 1:2.8.5-2ubuntu6 I am having issues with auditd on Ubuntu 20.04 LTS Ubuntu official AMIs. I have tested this with published AMIs ami-0123376e204addb71 and ami-00bb3d0b5b36e89b8. I am following a process that has worked up to June 20 2022. The process installs and configures the audit package for CIS hardening. The process steps are: • Launch an instance as a base, I’ve used ami-0123376e204addb71 or ami-00bb3d0b5b36e89b8 (official Ubuntu AMIs). • Installed the packages listed below. • Copied the “auditdconf” contents as /etc/audit/auditd.conf • Copied the “auditrules” contents as /etc/audit/rules.d/audit.rules • Edit /etc/default/grub, and set: GRUB_CMDLINE_LINUX="audit=1 selinux=1 audit_backlog_limit=8192" • Run: grub-mkconfig > /boot/grub/grub.cfg • Stopped the instance, and created an AMI. I then launch 10 or 14 instances of this AMI in us-west-2. Most will come up with auditd service running, and all rules loaded. Usually at least two come up broken for unknown reason, with the auditd service reporting an error I cannot understand: ● auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2022-09-14 15:08:14 UTC; 22min ago Docs: man:auditd(8) https://github.com/linux-audit/audit-documentation Process: 357 ExecStart=/sbin/auditd (code=exited, status=1/FAILURE) Sep 14 15:08:14 ip-10-210-197-90 systemd[1]: Starting Security Auditing Service... Sep 14 15:08:14 ip-10-210-197-90 auditd[382]: Error receiving audit netlink packet (No buffer space available) Sep 14 15:08:14 ip-10-210-197-90 auditd[382]: Error setting audit daemon pid (No buffer space available) Sep 14 15:08:14 ip-10-210-197-90 auditd[382]: Unable to set audit pid, exiting Sep 14 15:08:14 ip-10-210-197-90 auditd[357]: Cannot daemonize (Success) Sep 14 15:08:14 ip-10-210-197-90 auditd[357]: The audit daemon is exiting. Sep 14 15:08:14 ip-10-210-197-90 auditd[382]: The audit daemon is exiting. Sep 14 15:08:14 ip-10-210-197-90 systemd[1]: auditd.service: Control process exited, code=exited, status=1/FAILURE Sep 14 15:08:14 ip-10-210-197-90 systemd[1]: auditd.service: Failed with result 'exit-code'. Sep 14 15:08:14 ip-10-210-197-90 systemd[1]: Failed to start Security Auditing Service. When I launch the above, it is a launch of 10 or so instances from the same AMI, with the same parameters. Matter of fact, the launch is done by requesting X number of instances during the EC2 instance launch I've been trying to solve this for some time, and I've found the only way I can make the instances always start correctly is to remove the kernel "audit_backlog_limit" setting entirely - no value for the parameter works correctly (tried 320, 8192, 16384, 32768). See attachments for the above mentioned files. Thanks. -Alan expected behavior is: * service loaded and active * "auditctl -l" shows list of loaded rules seen behavior: * service dead with errors shown above. * "auditctl -l" reports "No rules". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1989599/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1970047] Re: GTK file open dialog hangs Chrome/Brave
/org/mate/desktop/sound/input-feedback-sounds actually fixed it for me (not /org/gnome). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1970047 Title: GTK file open dialog hangs Chrome/Brave Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: I removed xdg-desktop-portal because I use Xorg, don't use any snaps or flatpaks and GTK file open dialog is better than portal one. But GTK file open dialog makes Chrome/Brave freeze after closing it. Steps to reproduce: 1. Install Chrome or Brave 2. Remove xdg-desktop-portal so Chrome/Brave use GTK file open dialog instead of portal one 3. Press Ctrl+O to open file open dialog 4. Close dialog or choose any file, does not matter, browser is stuck I don't see this behavior on Debian that I also use, so I guess bug is in GTK rather than Chrome/Brave. Fresh install of Ubuntu 22.04 lsb_release: Description: Ubuntu 22.04 LTS Release: 22.04 libgtk-3-0: Installed: 3.24.33-1ubuntu1 Candidate: 3.24.33-1ubuntu1 Version table: *** 3.24.33-1ubuntu1 500 500 http://rs.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 23 19:27:45 2022 InstallationDate: Installed on 2022-04-22 (1 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1970047/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1970047] Re: GTK file open dialog hangs Chrome/Brave
input-feedback-sounds was already set to 'false' for me - explicitly setting it unfortunately did not seem to make a difference. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1970047 Title: GTK file open dialog hangs Chrome/Brave Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: I removed xdg-desktop-portal because I use Xorg, don't use any snaps or flatpaks and GTK file open dialog is better than portal one. But GTK file open dialog makes Chrome/Brave freeze after closing it. Steps to reproduce: 1. Install Chrome or Brave 2. Remove xdg-desktop-portal so Chrome/Brave use GTK file open dialog instead of portal one 3. Press Ctrl+O to open file open dialog 4. Close dialog or choose any file, does not matter, browser is stuck I don't see this behavior on Debian that I also use, so I guess bug is in GTK rather than Chrome/Brave. Fresh install of Ubuntu 22.04 lsb_release: Description: Ubuntu 22.04 LTS Release: 22.04 libgtk-3-0: Installed: 3.24.33-1ubuntu1 Candidate: 3.24.33-1ubuntu1 Version table: *** 3.24.33-1ubuntu1 500 500 http://rs.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 23 19:27:45 2022 InstallationDate: Installed on 2022-04-22 (1 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1970047/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1970047] Re: GTK file open dialog hangs Chrome/Brave
I tried running google-chrome against "stock" gtk-3 built similar to follows: sudo apt build-dep libgtk-3-0 apt source libgtk-3-0 cd gtk+3.0-3.24.33 quilt pop -a rm debian/patches/series rm debian/*.symbols DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -uc -us -d -j16 Also tried building with 'CC=gcc-10'. It didn't fix the issue. As @wooque said, there may be something else at play besides gtk3. As I mentioned, the org.google.Chrome flatpak, which also uses 3.24.33, doesn't have the issue, which is why I wanted to see if maybe one of the patches had something to do with it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1970047 Title: GTK file open dialog hangs Chrome/Brave Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: I removed xdg-desktop-portal because I use Xorg, don't use any snaps or flatpaks and GTK file open dialog is better than portal one. But GTK file open dialog makes Chrome/Brave freeze after closing it. Steps to reproduce: 1. Install Chrome or Brave 2. Remove xdg-desktop-portal so Chrome/Brave use GTK file open dialog instead of portal one 3. Press Ctrl+O to open file open dialog 4. Close dialog or choose any file, does not matter, browser is stuck I don't see this behavior on Debian that I also use, so I guess bug is in GTK rather than Chrome/Brave. Fresh install of Ubuntu 22.04 lsb_release: Description: Ubuntu 22.04 LTS Release: 22.04 libgtk-3-0: Installed: 3.24.33-1ubuntu1 Candidate: 3.24.33-1ubuntu1 Version table: *** 3.24.33-1ubuntu1 500 500 http://rs.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 23 19:27:45 2022 InstallationDate: Installed on 2022-04-22 (1 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1970047/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1970047] Re: GTK file open dialog hangs Chrome/Brave
Also seeing this on various versions of the official google-chrome .deb (99, 100, 101) on 22.04/amd64 (MATE Desktop, Xorg + nvidia proprietary 470.103.01, marco window manager + compton compositor). Browser is unresponsive to any input events after downloading a file or printing to file (i.e. after opening gtk file chooser dialog). The main browser process itself isn't frozen, though - a new window can be launched via shortcut/CLI, and the frozen one can be gracefully closed (using 'x' above window). I tried a few things like disabling GTK+ theme, disabling 'Use system title bar and borders', disabling all extensions, etc. to no avail. A fresh browser profile somehow seemed to avoid the issue, at least initially. The Chrome flatpak (com.google.Chrome) is *not* affected, even when using the existing browser profile and same GTK theme. Oddly, it's using gtk-3 3.24.33 as well per https://gitlab.com/freedesktop- sdk/freedesktop-sdk/-/blob/release/21.08/elements/components/gtk3.bst For completeness, I also found this question + comments reporting the same issue: https://askubuntu.com/questions/1402530/running-any- chromium-based-browser-in-ubuntu-22-04-freezes -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1970047 Title: GTK file open dialog hangs Chrome/Brave Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: I removed xdg-desktop-portal because I use Xorg, don't use any snaps or flatpaks and GTK file open dialog is better than portal one. But GTK file open dialog makes Chrome/Brave freeze after closing it. Steps to reproduce: 1. Install Chrome or Brave 2. Remove xdg-desktop-portal so Chrome/Brave use GTK file open dialog instead of portal one 3. Press Ctrl+O to open file open dialog 4. Close dialog or choose any file, does not matter, browser is stuck I don't see this behavior on Debian that I also use, so I guess bug is in GTK rather than Chrome/Brave. Fresh install of Ubuntu 22.04 lsb_release: Description: Ubuntu 22.04 LTS Release: 22.04 libgtk-3-0: Installed: 3.24.33-1ubuntu1 Candidate: 3.24.33-1ubuntu1 Version table: *** 3.24.33-1ubuntu1 500 500 http://rs.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 23 19:27:45 2022 InstallationDate: Installed on 2022-04-22 (1 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1970047/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
