[opensuse-factory] chromium spam in journal
Am I the only one to see thousand of lines like this when using chromium Mar 20 17:56:00 qt-kt.labaroche.ioda.net kernel: audit: type=1326 audit(1458492960.485:257): auid=1502 uid=1502 gid=1500 ses=1 pid=6220 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 Mar 20 17:56:00 qt-kt.labaroche.ioda.net audit[6221]: SECCOMP auid=1502 uid=1502 gid=1500 ses=1 pid=6221 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 the last line is repeated 4x the block is repeating for each browsing action in chromium If it's somewhat nice to see what's happening on a system, I'm qualifying this as (kill my ssd with stupid log entry :-) I know that normally systemd-journald/logger will try to pick all event. But I don't know where to disable such level of log Why should I have audit message when I deliberate turn audit off ? systemctl status auditd.service ● auditd.service - Security Auditing Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; vendor preset: enabled) Active: inactive (dead) What didn't I understand, or its a mixed bug? Thanks for any suggestions. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sun, Mar 20, 2016 at 06:08:50PM +0100, Bruno Friedmann wrote:
Am I the only one to see thousand of lines like this when using chromium
Mar 20 17:56:00 qt-kt.labaroche.ioda.net kernel: audit: type=1326 audit(1458492960.485:257): auid=1502 uid=1502 gid=1500 ses=1 pid=6220 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 Mar 20 17:56:00 qt-kt.labaroche.ioda.net audit[6221]: SECCOMP auid=1502 uid=1502 gid=1500 ses=1 pid=6221 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 the last line is repeated 4x
the block is repeating for each browsing action in chromium
If it's somewhat nice to see what's happening on a system, I'm qualifying this as (kill my ssd with stupid log entry :-) I know that normally systemd-journald/logger will try to pick all event. But I don't know where to disable such level of log
Why should I have audit message when I deliberate turn audit off ?
systemctl status auditd.service ● auditd.service - Security Auditing Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; vendor preset: enabled) Active: inactive (dead)
What didn't I understand, or its a mixed bug? Thanks for any suggestions.
I think this is the chromium sandbox getting killed entry (and it seems to get killed quite often). 273 is the __NR_set_robust_list systemcall which causes the kill. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On dimanche, 20 mars 2016 18.52:02 h CET Marcus Meissner wrote:
On Sun, Mar 20, 2016 at 06:08:50PM +0100, Bruno Friedmann wrote:
Am I the only one to see thousand of lines like this when using chromium
Mar 20 17:56:00 qt-kt.labaroche.ioda.net kernel: audit: type=1326 audit(1458492960.485:257): auid=1502 uid=1502 gid=1500 ses=1 pid=6220 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 Mar 20 17:56:00 qt-kt.labaroche.ioda.net audit[6221]: SECCOMP auid=1502 uid=1502 gid=1500 ses=1 pid=6221 comm="chromium" exe="/usr/lib64/chromium/chromium" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f04d0cdd3f4 code=0x50000 the last line is repeated 4x
the block is repeating for each browsing action in chromium
If it's somewhat nice to see what's happening on a system, I'm qualifying this as (kill my ssd with stupid log entry :-) I know that normally systemd-journald/logger will try to pick all event. But I don't know where to disable such level of log
Why should I have audit message when I deliberate turn audit off ?
systemctl status auditd.service ● auditd.service - Security Auditing Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; vendor preset: enabled) Active: inactive (dead)
What didn't I understand, or its a mixed bug? Thanks for any suggestions.
I think this is the chromium sandbox getting killed entry (and it seems to get killed quite often).
273 is the __NR_set_robust_list systemcall which causes the kill.
Ciao, Marcus
Ty Marcus ... Don't know if it's normal, but in my case I open and close hundreds of tabs :-) in the meantime I found a "bug" (not define as is by upstream) And one of the solution, beside audit=0 on commandline is the followin systemctl status systemd-journald-audit.socket ● systemd-journald-audit.socket - Journal Audit Socket Loaded: loaded (/usr/lib/systemd/system/systemd-journald-audit.socket; static; vendor preset: disabled) Active: active (running) since Sun 2016-03-20 17:28:05 CET; 2h 48min ago Docs: man:systemd-journald.service(8) man:journald.conf(5) Listen: audit 1 (Netlink) Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. qt-kt:~ # systemctl mask systemd-journald-audit.socket Created symlink from /etc/systemd/system/systemd-journald-audit.socket to /dev/null. qt-kt:~ # systemctl stop systemd-journald-audit.socket qt-kt:~ # systemctl status systemd-journald-audit.socket ● systemd-journald-audit.socket Loaded: masked (/dev/null; bad) Active: inactive (dead) since Sun 2016-03-20 20:16:52 CET; 2s ago Mar 20 20:16:44 qt-kt.labaroche.ioda.net systemd[1]: systemd-journald-audit.socket: Cannot add dependency job, ignoring: Unit systemd-journald-audit.socket is masked. Mar 20 20:16:52 qt-kt.labaroche.ioda.net systemd[1]: Closed systemd-journald-audit.socket. Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. https://github.com/systemd/systemd/issues/959 I guess that one of the thing we could make it better is if auditd is off then the systemd-journald-audit.socket should be off too. (it seems that vendor preset is not really respected). Enough material for a bug reporting, but I will not be able to make it, before after Eastern. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Bruno Friedmann
-
Marcus Meissner