** Tags added: verification-done-noble-linux-bluefield

** Description changed:

  SRU Justification:
  
  [Impact]
  
  * When auditd is installed and audit rules are used the console can be
  flooded with the error message.
  
-   error in audit_log_object_context
+   error in audit_log_object_context
  
  [Fix]
  
  * The fix is backported from
  
-   5ba569134855 https://github.com/cschaufler/lsm-stacking.
+   5ba569134855 https://github.com/cschaufler/lsm-stacking.
  
  This is the development upstream for the out of tree LSM stacking patch
  series.
  
+ * The fix is also carried the Oracular 6.14 kernel in its version of the
+ patch
  
- * The fix is also carried the Oracular 6.14 kernel in its version of the patch
- 
-   commit 28b69ac0e2fc ("UBUNTU: SAUCE: apparmor4.0.0 [25/99]: Audit: Add
+   commit 28b69ac0e2fc ("UBUNTU: SAUCE: apparmor4.0.0 [25/99]: Audit: Add
  record for multiple object contexts")
- 
  
  Specifically the fix changes the test for failure on the result from
  security_secid_to_secctx(), which on success returns a size and on failure
  returns an error.
  
  [Test Plan]
  
  * Install audit
  * ensure AppArmor is enabled by running aa-enabled
  * Add the audit rule
     auditctl -a always,exit -S execve -k all_execs
  * run applications, or shell commands
  
  If the fix is not applied each application or command run will result in
  a message to the console. If the console is not displaying the error
  message
  
-    error in audit_log_object_context
+    error in audit_log_object_context
  
  the fix is working.
  
  [Where problems could occur]
  
  * The regression can be considered as low, since the fix is already
  integrated into the plucky 6.14, and questing 6.16/6.17 kernels
  without reported issues.
  
- 
  [Other Info]
  
  * If audit is configured to panic on error via
-   auditctl -f 2
+   auditctl -f 2
  
-   this bug can cause the kernel to panic
- 
+   this bug can cause the kernel to panic
  
  [Original Bug Text]
  
  The log `error in audit_log_object_context` keeps printing in the
  kernel log and console when the system starts up.
  
  [   13.504243] audit_panic: 282 callbacks suppressed
  [   13.504248] audit: error in audit_log_object_context
  [   19.988510] audit: error in audit_log_object_context
  [   20.104622] audit: error in audit_log_object_context
  [   20.114842] audit: error in audit_log_object_context
  [   20.468369] audit: error in audit_log_object_context
  [   20.505565] audit: error in audit_log_object_context
  [   20.629690] audit: error in audit_log_object_context
  [   21.233722] audit: error in audit_log_object_context
  [   21.280265] audit: error in audit_log_object_context
  [   80.081721] audit: error in audit_log_object_context
  [   88.384101] audit: error in audit_log_object_context
  [   88.445175] audit: error in audit_log_object_context
  [   88.460142] audit: error in audit_log_object_context
  [   88.715815] audit: error in audit_log_object_context
  [   88.732466] audit: error in audit_log_object_context
  [   88.851304]
  
  Reproduce the issue:
  
  1. Install auditd, enable AppArmor or SELinux.
  2. Add audit rules like:
     auditctl -a always,exit -S execve -k all_execs
  
  Suggested patch:
  diff --git a/kernel/audit.c b/kernel/audit.c
  index 3dd2e9930550f..b1764ae17ad76 100644
  --- a/kernel/audit.c
  +++ b/kernel/audit.c
  @@ -2315,7 +2315,7 @@ void audit_log_object_context(struct audit_buffer *ab, 
struct lsmblob *blob)
          if (lsm_blob_cnt < 2) {
                  error = security_lsmblob_to_secctx(blob, &context,
                                                     LSM_ID_UNDEF);
  -               if (error) {
  +               if (error < 0) {
                          if (error != -EINVAL)
                                  goto error_path;
                          return;
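Review bot: in the `lsm_blob_cnt < 2` branch, `error` holds a positive size after a successful `security_lsmblob_to_secctx()` call, so the variable name invites the same `if (error)` mistake again. Please add a short comment at the call stating that the return is a size on success and a negative errno on failure, or store the result in a variable named for what it holds. The description also names security_secid_to_secctx() while this hunk checks security_lsmblob_to_secctx(); the changelog should name the function the code actually calls.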
  @@ -2334,7 +2334,7 @@ void audit_log_object_context(struct audit_buffer *ab, 
struct lsmblob *blob)
                          continue;
                  error = security_lsmblob_to_secctx(blob, &context,
                                                     lsm_idlist[i]->id);
  -               if (error) {
  +               if (error < 0) {
                          audit_log_format(ab, "%sobj_%s=?",
                                           space ? " " : "", 
lsm_idlist[i]->name);
                          if (error != -EINVAL)
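Review bot: in the per-LSM loop the failure branch writes `obj_%s=?` and then tests `error != -EINVAL`, but the context ends there, so it is not visible whether anything later in the loop still tests `error` for non-zero. Since a successful call now leaves `error` positive, please confirm that no remaining `if (error)` in this function treats that as a failure. It is also worth a comment on why `-EINVAL` emits `=?` here while the single-LSM branch in the first hunk returns without logging anything.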
  
  A similar fix is already in the 6.14.x-HWE kernel, please help to add it to
  6.8.0. Thanks.

https://bugs.launchpad.net/bugs/2123815

Title:
  Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
  kernel and console
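
The return-convention mismatch described under [Fix], as an added userspace model that is not kernel code and not part of the original report. `model_to_secctx()`, the `outcome` enum and the sample labels are hypothetical stand-ins; only the two `if` tests mirror the suggested patch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum outcome { LOGGED, SKIPPED, ERROR_PATH };

/* Hypothetical stand-in for the LSM call: returns the context length on
 * success and a negative errno on failure, as the report describes. */
static int model_to_secctx(const char *label, const char **ctx)
{
    if (label == NULL)
        return -EINVAL;            /* constructed: no context for this LSM */
    if (label[0] == '\0')
        return -ENOMEM;            /* constructed: a real failure */
    *ctx = label;
    return (int)strlen(label);     /* success is a positive size */
}

/* Pre-fix test: any non-zero return, including a size, counts as failure. */
static enum outcome log_ctx_before(const char *label)
{
    const char *ctx = NULL;
    int error = model_to_secctx(label, &ctx);

    if (error)
        return error != -EINVAL ? ERROR_PATH : SKIPPED;
    return LOGGED;
}

/* Post-fix test: only a negative return counts as failure. */
static enum outcome log_ctx_after(const char *label)
{
    const char *ctx = NULL;
    int error = model_to_secctx(label, &ctx);

    if (error < 0)
        return error != -EINVAL ? ERROR_PATH : SKIPPED;
    return LOGGED;
}

int main(void)
{
    static const char *names[] = { "logged", "skipped", "error path" };
    const char *samples[] = { "unconfined", NULL, "" };  /* constructed labels */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s before=%-10s after=%s\n",
               samples[i] ? samples[i] : "(none)",
               names[log_ctx_before(samples[i])],
               names[log_ctx_after(samples[i])]);
    return 0;
}
```

With the pre-fix test the ordinary labelled object reaches the error path, which is where the repeated console message comes from and, with `auditctl -f 2`, the panic.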
