On Fri Aug 8, 2025 at 10:15 AM CEST, Fabian Grünbichler wrote:
> On August 4, 2025 6:25 pm, Max R. Carrara wrote:
> > ... and display a `log_notice()` to the user if it is in order to
> > inform them about audit messages being logged during the upgrade,
> > as well as suggesting that they stop and disable the unit before
> > the upgrade.
> >
> > In Debian Bookworm and earlier, audit messages were not logged by
> > default [0], whereas the unit was active by default. This was changed
> > in between Bookworm and Trixie; the patch that changed the default was
> > dropped [1], whereas the unit is now disabled.
> >
> > This means that the unit will remain active during the upgrade, which
> > will in turn cause a lot of audit message log spam.
>
> so this will warn about something that happens on every system(!), but
> is only relevant for the duration of the upgrade and just makes the logs
> more noisy?
>
> I am not sure that tradeoff is worth it, it is already noted in the
> upgrade guide, so people who read that will do it proactively anyway,
> and people who notice it during the upgrade can check there as well and
> see that it's a non-issue..

Hmm yeah, I see your point...

>
> or maybe we could move it to `--full`?

No, I think it's fine to drop it then. It's in the upgrade guide and a
relatively benign thing anyway. :P

>
> adding too many warnings (and lines in general) makes it much easier to
> miss actually relevant things..
>
> in particular, after the upgrade is done it makes no sense to check this
> anymore, since the next step will be a reboot that gets rid of the
> excessive logging anyway..

^ especially because of that. Also, I haven't seen any forum posts
actually complain about the audit log spam, so I guess it really is a
non-issue.

>
> >
> > [0]: https://salsa.debian.org/systemd-team/systemd/-/commit/07daa6196f9c92be8a0f552b1416576e80d054dc
> > [1]: https://salsa.debian.org/systemd-team/systemd/-/commit/7c6ea97a1d7e438e6621c3b97ce472754fd3db43
> >
> > Signed-off-by: Max R. Carrara <m.carr...@proxmox.com>
> > --- > > PVE/CLI/pve8to9.pm | 51 ++++++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 51 insertions(+) > > > > diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm > > index 426fa8a6..bd300d89 100644 > > --- a/PVE/CLI/pve8to9.pm > > +++ b/PVE/CLI/pve8to9.pm 
> > @@ -2129,6 +2129,56 @@ sub check_legacy_sysctl_conf { > > log_pass("Legacy file '$fn' exists but does not contain any > > settings."); > > } > > > > +sub check_journald_audit_socket { > > + my $unit = 'systemd-journald-audit.socket'; > > + > > + log_info("Checking whether systemd unit '$unit' is active..."); > > + > > + my ($res_is_enabled, $res_is_active) = (undef, undef); > > + > > + eval { > > + run_command( > > + ['systemctl', 'is-enabled', "$unit"], > > + outfunc => sub { > > + ($res_is_enabled) = @_; > > + chomp $res_is_enabled; > > + }, > > + noerr => 1, > > + ); > > + }; > > + > > + eval { > > + run_command( > > + ['systemctl', 'is-active', "$unit"], > > + outfunc => sub { > > + ($res_is_active) = @_; > > + chomp $res_is_active; > > + }, > > + noerr => 1, > > + ); > > + }; > > + > > + if (!defined($res_is_enabled) || !defined($res_is_active) || > > $res_is_enabled eq 'not-found') { > > + log_skip("Unit '$unit' not found"); > > + return undef; > > + } > > + > > + my $msg = > > + "Unit '$unit' is '$res_is_enabled' and '$res_is_active' - to > > prevent an excessive amount of" > > + . " audit messages being logged during the upgrade, it is > > recommended to stop and disable" > > + . " '$unit' beforehand." > > + . "\nThis can be achieved by running the following command:" > > + . "\n\n\tsystemctl disable --now $unit\n"; > > + > > + if ($res_is_enabled eq 'enabled' || $res_is_active eq 'active') { > > + log_notice($msg); > > + return undef; > > + } > > + > > + log_pass("Unit '$unit' is '$res_is_enabled' and '$res_is_active'"); > > + return undef; > > +} > > + > > sub check_misc { > > print_header("MISCELLANEOUS CHECKS"); > > my $ssh_config = eval { > > PVE::Tools::file_get_contents('/root/.ssh/config') }; 
> > @@ -2225,6 +2275,7 @@ sub check_misc { > > check_rrd_migration(); > > check_legacy_ipam_files(); > > check_legacy_sysctl_conf(); > > + check_journald_audit_socket(); > > } > > > > my sub colored_if { > > -- > > 2.39.5 > > > > > > > > _______________________________________________ > > pve-devel mailing list > > pve-devel@lists.proxmox.com > > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
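
Review bot: In check_journald_audit_socket(), both eval blocks discard $@ and run_command is called with noerr => 1, so if systemctl cannot be run or prints nothing, the `!defined($res_is_enabled) || !defined($res_is_active)` branch reports "Unit '$unit' not found", which misstates what happened. Consider reserving log_skip for the 'not-found' result and emitting a separate message (including $@) when either call produced no output. The notice condition also compares against the exact string 'enabled', so other is-enabled states such as 'enabled-runtime' fall through to log_pass unless the unit is also active; since the log volume during the upgrade depends on the unit being active, keying the notice on $res_is_active alone would be clearer. Minor style point: "$unit" in the two argument lists does not need the quotes.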
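
Review bot: The check_journald_audit_socket() call added at the end of check_misc is unconditional, so the notice is produced on every run of the checker, including runs made after the upgrade has finished, when stopping the unit no longer changes anything. If the check is kept, gate the call on the upgrade not having been done yet, or move it behind `--full` as raised in the thread.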