Bug #254

auditset SMF not able to start in non-global zones

Added by Anil Jangity over 3 years ago. Updated over 3 years ago.

Status:Resolved Start date:2010-09-24
Priority:Normal Due date:
Assignee:- % Done:

80%

Category:OS/Net (Kernel and Userland)
Target version:oi_148
Difficulty:Medium Tags:needs-triage

Description

This is a carry over from OpenSolaris/ON.
Inside a non-global zone, the auditset SMF fails to start. The original bug is at:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6975967

root@zone-z1:~# svcs xv
svc:/system/auditset:default (Set non
/attributable audit flags
in the kernel context.)
State: maintenance since Mon Aug 09 10:47:49 2010
Reason: Start method failed repeatedly, last exited with status 1.
See: http://sun.com/msg/SMF-8000-KS
See: /var/svc/log/system-auditset:default.log
Impact: This service is not running.
root@zone-z1:~# tail -5 /var/svc/log/system-auditset:default.log
[ Aug 9 10:47:40 Disabled. ]
[ Aug 9 10:47:49 Enabled. ]
[ Aug 9 10:47:49 Executing start method ("/lib/svc/method/svc-auditset"). ]
Could not update kernel context (A_SETAMASK).
[ Aug 9 10:47:49 Method "start" exited with status 1. ]


Related issues

related to illumos gate - Bug #443: auditset SMF not able to start in non-global zones In Progress 2010-09-24

History

Updated by Albert Lee over 3 years ago

The Illumos developers are in the best position to fix this bug. I'll move this issue to illumos-gate once #256 is resolved (it seems a bit silly to create a new issue for it...).

Updated by Albert Lee over 3 years ago

  • Status changed from New to In Progress
  • Target version set to oi_148
  • % Done changed from 0 to 80

I've fixed this by simply checking if the policy is AUDIT_PERZONE before attempting to configure the kernel parameters.
http://pkgdev.openindiana.org/hg/mq_onnv-gate/file/37dd24daa23a/oi-issue-254-auditset_zone_fail

It's not clear if this is the same solution upstream had, because they apparently modified auditd(1) as well:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6979753

Updated by Albert Lee over 3 years ago

Fixed in oi_148. #443 created for illumos.

Updated by Albert Lee over 3 years ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF