Public bug reported:

The log `error in audit_log_object_context` keeps printing in the
kernel log and console when the system starts up.

[   13.504243] audit_panic: 282 callbacks suppressed
[   13.504248] audit: error in audit_log_object_context
[   19.988510] audit: error in audit_log_object_context
[   20.104622] audit: error in audit_log_object_context
[   20.114842] audit: error in audit_log_object_context
[   20.468369] audit: error in audit_log_object_context
[   20.505565] audit: error in audit_log_object_context
[   20.629690] audit: error in audit_log_object_context
[   21.233722] audit: error in audit_log_object_context
[   21.280265] audit: error in audit_log_object_context
[   80.081721] audit: error in audit_log_object_context
[   88.384101] audit: error in audit_log_object_context
[   88.445175] audit: error in audit_log_object_context
[   88.460142] audit: error in audit_log_object_context
[   88.715815] audit: error in audit_log_object_context
[   88.732466] audit: error in audit_log_object_context
[   88.851304]

Reproduce the issue:

1. Install auditd, enable AppArmor or SELinux.
2. Add audit rules like:
   auditctl -a always,exit -S execve -k all_execs

Suggested patch:
diff --git a/kernel/audit.c b/kernel/audit.c
index 3dd2e9930550f..b1764ae17ad76 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2315,7 +2315,7 @@ void audit_log_object_context(struct audit_buffer *ab, 
struct lsmblob *blob)
        if (lsm_blob_cnt < 2) {
                error = security_lsmblob_to_secctx(blob, &context,
                                                   LSM_ID_UNDEF);
-               if (error) {
+               if (error < 0) {
                        if (error != -EINVAL)
                                goto error_path;
                        return;
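
Review bot: relaxing `if (error)` to `if (error < 0)` in the single-LSM branch makes every positive return from security_lsmblob_to_secctx() count as success, but neither the report nor the patch states what a positive value means on this kernel. Please state the callee's return contract in the commit message and cite the exact commit from the 6.14 HWE tree that this mirrors, so the backport can be checked against the security_lsmblob_to_secctx() actually present in 6.8.0. Since `error` can now hold a non-error value, a short comment at the check (or a neutral name such as `ret`) would keep the next reader from "fixing" it back.
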
@@ -2334,7 +2334,7 @@ void audit_log_object_context(struct audit_buffer *ab, 
struct lsmblob *blob)
                        continue;
                error = security_lsmblob_to_secctx(blob, &context,
                                                   lsm_idlist[i]->id);
-               if (error) {
+               if (error < 0) {
                        audit_log_format(ab, "%sobj_%s=?",
                                         space ? " " : "", lsm_idlist[i]->name);
                        if (error != -EINVAL)
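
Review bot: in the per-LSM loop the same `error < 0` relaxation decides what lands in the audit record, since the failure branch emits `obj_<name>=?` and anything else falls through to use `context`. Please confirm that a positive return always leaves `context` populated for `lsm_idlist[i]->id`, otherwise the record would be built from stale or unset data instead of the `?` placeholder. Both call sites in this function had the identical `if (error)` test, so it is worth checking the remaining callers of security_lsmblob_to_secctx() in the 6.8.0 tree for the same pattern and fixing them in one patch.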

A similar fix is already in the 6.14.x-HWE kernel; please help to add it to
6.8.0. Thanks.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2123815

Title:
  Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
  kernel and console

Status in linux package in Ubuntu:
  New
