[Bug 1952774] Re: vfs_full_audit stopped honoring filters
[Expired for samba (Ubuntu) because there has been no activity for 60 days.] ** Changed in: samba (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1952774 Title: vfs_full_audit stopped honoring filters To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1952774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
Hi Olivier,

As Marc suggested, there are a few wrong names in your configuration file. I set up samba inside a Focal container here, created a test share and also added your configuration excerpt to smb.conf. After restarting the service, I can see the error message being generated inside one of the log files (under /var/log/samba/):

# cat /var/log/samba/log.samba-test
[2022/01/07 20:25:14.916385, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname opendir, logging all
[2022/01/07 20:26:27.506170, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname opendir, logging all
[2022/01/07 20:26:27.507477, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname opendir, logging all
[2022/01/07 20:27:51.454174, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname unlink, logging all
[2022/01/07 20:27:51.455376, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname unlink, logging all
[2022/01/07 20:28:21.442369, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname rename, logging all
[2022/01/07 20:28:21.444232, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname rename, logging all
[2022/01/07 20:28:49.819543, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname chown, logging all
[2022/01/07 20:28:49.821949, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname chown, logging all

(Bear in mind that this is a list of the messages that were generated after I restarted the service many times; that's why you see so many).

As you can verify, the behaviour doesn't seem to have changed with unknown opnames. Maybe you were looking in the wrong log file?
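An added example, not code from this thread or from Samba: two shell functions that list the opnames rejected by init_bitmap in the logs and show which full_audit:success / full_audit:failure setting contains each one. The function names, the sample share and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): find opnames that vfs_full_audit
# rejected and the smb.conf settings that contain them.

# unknown_opnames LOG... : print "count opname" for each rejected opname.
unknown_opnames() {
    grep -ho 'Could not find opname [^,]*, logging all' "$@" 2>/dev/null |
        sed -e 's/^Could not find opname //' -e 's/, logging all$//' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# offending_settings CONF LOG... : print "opname (param)" for every
# full_audit:success / full_audit:failure entry the logs show was rejected.
offending_settings() {
    conf=$1; shift
    bad=$(unknown_opnames "$@" | awk '{ print $2 }' | tr '\n' ' ')
    awk -v bad="$bad" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) isbad[b[i]] = 1 }
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*full_audit:(success|failure)[ \t]*=/ {
            eq = index($0, "=")
            param = substr($0, 1, eq - 1); gsub(/[ \t]/, "", param)
            m = split(substr($0, eq + 1), ops, "[ \t,]+")
            for (j = 1; j <= m; j++)
                if (ops[j] in isbad) print ops[j] " (" param ")"
        }' "$conf"
}

# Constructed sample input: log lines in the format quoted above, plus a
# made-up share definition (the share name and path are placeholders).
demo_dir=$(mktemp -d)
cat > "$demo_dir/log.sample" <<'EOF'
[2022/01/07 20:25:14.916385, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname opendir, logging all
[2022/01/07 20:27:51.454174, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname unlink, logging all
[2022/01/07 20:27:51.455376, 0] ../../source3/modules/vfs_full_audit.c:576(init_bitmap)
  Could not find opname unlink, logging all
EOF
cat > "$demo_dir/smb.conf" <<'EOF'
[example-share]
   path = /srv/example
   vfs objects = full_audit
   full_audit:success = renameat unlinkat unlink opendir
   full_audit:failure = none
EOF
unknown_opnames "$demo_dir/log.sample"
offending_settings "$demo_dir/smb.conf" "$demo_dir/log.sample"
rm -rf "$demo_dir"
```

An empty result from unknown_opnames only means the message is absent from the files that were searched; it does not prove every configured opname was accepted.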
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
Yeah, I fixed this. Still, hasn't the behaviour with unknown ops changed?
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
I don't see opendir and chown in the manpage, there may be others that need fixing: https://www.samba.org/samba/docs/4.13/man-html/vfs_full_audit.8.html
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
BUT after limiting full_audit:success to unlinkat and renameat, it seems filters are finally honored. So I guess I have another (several?) unfound, and it fails silently. I'll try to pinpoint these and update this ticket.
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
It looks a lot like a dupe (and for a few minutes, I actually thought it was), but I don't have the "Could not find..." line. Maybe it needs a specific log level? In any case, I switched to these opnames and after a force-reload, Samba keeps logging every single op.
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
This is possibly a dupe of bug 1950803

Do you have "smbd_audit[.]: Could not find opname rename, logging all" in your log files? If so, you need to use renameat and unlinkat instead of rename and unlink.

** Changed in: samba (Ubuntu)
Status: New => Incomplete
[Bug 1952774] Re: vfs_full_audit stopped honoring filters
switched the log for a slightly more anonymized one

** Attachment removed: "samba_audit.log"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1952774/+attachment/5544382/+files/samba_audit.log

** Attachment added: "(anonymized) syslog"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1952774/+attachment/5544383/+files/samba_audit.log