@Seth I just want to say that I am that person! I signed up specifically
to thank @Chuan and you for getting to the bottom of this. I had the
exact same error and setting `ProtectHome=false` solved the issue, thank
you!
--
You received this bug notification because you are a member of Ubuntu
Awesome find! Probably for many users, that's a perfectly fine change, I
suspect that auditing home directories isn't going to be a top priority
for many people.
However, the sheer confusion of this issue is troubling: going from
these error messages to "I have to remove a systemd configuration
Comparing the files /etc/systemd/system/multi-user.target.wants/auditd.service
between Focal and Jammy,
I can see Jammy has the line "ProtectHome=true", If I remove this line and
reboot the system, then the rule can be loaded along with system bootup
--
You received this bug notification
Hi Seth,
Thank you for the advice of "-i". It works if I append "-i" into the
problematic line.
It's strange that:
1) I can not see any difference between /home/ubuntu/test.sh, /
opt/test.sh, /etc/test.sh and /usr/bin/test.sh, as there is no
separated partition
lsblk
vda 252:00
Hello, my guess is /home or /home/ubuntu may not exist when the audit
rules are loaded.
The file and directory watches work by setting up inotify watches on the
underlying objects, and if the file or directory doesn't exist, there's
nothing to watch. So, it errors.
You can add -i to the
** Description changed:
-
- The rule '-a always,exit -F path=/home/ubuntu/test.sh -F perm=x -F auid>=1000
-F auid!=unset -k privileged' can not be loaded during system boot up.
+ The rule '-a always,exit -F path=/home/ubuntu/test.sh -F perm=x -F
+ auid>=1000 -F auid!=unset -k privileged' can
6 matches
Mail list logo
