Bug#1065156: reportbug: auditd fails to start with empty /var

Felix Moessbauer Fri, 01 Mar 2024 02:06:24 -0800

Package: auditd
Version: 1:3.0.9-1
Severity: normal

Dear Maintainer,


when running with an initially empty /var partition, the auditd
currently fails to start as the log directory is not present.

The attached patch adds a tmpfiles dropin to let systemd create
the directory on boot. If the directory is already present,
this is a noop.
    
For details, please also see #945269

Best regards,
Felix Moessbauer
Siemens AG

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages auditd depends on:
ii  gawk                 1:5.2.1-2
ii  init-system-helpers  1.65.2
ii  libaudit1            1:3.0.9-1
ii  libauparse0          1:3.0.9-1
ii  libc6                2.36-9+deb12u4
ii  libcap-ng0           0.8.3-1+b3
ii  libgssapi-krb5-2     1.20.1-2+deb12u1
ii  libkrb5-3            1.20.1-2+deb12u1
ii  libwrap0             7.6.q-32
ii  mawk                 1.3.4.20200120-3.1

auditd recommends no packages.

Versions of packages auditd suggests:
pn  audispd-plugins  <none>

-- Configuration Files:
/etc/audit/audit-stop.rules [Errno 13] Permission denied: 
'/etc/audit/audit-stop.rules'
/etc/audit/auditd.conf [Errno 13] Permission denied: '/etc/audit/auditd.conf'
/etc/audit/plugins.d/af_unix.conf [Errno 13] Permission denied: 
'/etc/audit/plugins.d/af_unix.conf'
/etc/audit/plugins.d/syslog.conf [Errno 13] Permission denied: 
'/etc/audit/plugins.d/syslog.conf'
/etc/audit/rules.d/audit.rules [Errno 13] Permission denied: 
'/etc/audit/rules.d/audit.rules'

-- no debconf information

*** /tmp/auditd/0001-create-var-log-audit-with-tmpfiles.d-as-well.patch
>From 4ea8f395c270d0dcc5365b40f70ca5e8633c4261 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessba...@siemens.com>
Date: Fri, 1 Mar 2024 10:43:14 +0100
Subject: [PATCH 1/1] create /var/log/audit with tmpfiles.d as well

When running with an initially empty /var partition, the auditd
currently fails to start as the log directory is not present. For that,
we use tmpfiles.d to let systemd create the directory on boot.
If the directory is already present, this is a noop.

For details, please also see #945269

Reported-by: Sai Sathujoda <sai.sathuj...@toshiba-tsip.com>
Signed-off-by: Felix Moessbauer <felix.moessba...@siemens.com>
---
 debian/auditd.tmpfiles | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 debian/auditd.tmpfiles

diff --git a/debian/auditd.tmpfiles b/debian/auditd.tmpfiles
new file mode 100644
index 0000000..2f467a8
--- /dev/null
+++ b/debian/auditd.tmpfiles
@@ -0,0 +1,2 @@
+d /var/log/audit 0700 root adm -
+
-- 
2.39.2

Bug#1065156: reportbug: auditd fails to start with empty /var

Reply via email to