Open ali4006 opened 3 weeks ago
I grepped around the code and can't find audit_log_object_context anywhere. I think your distribution must have a patch they have not submitted to upstream.
I found this code snippet from the archive listed in March 2022:
+void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob)
+{
+ int i;
+ int error;
+ struct lsmcontext context;
+
+ if (!lsm_multiple_contexts()) {
+ error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST);
+ if (error) {
+ if (error != -EINVAL)
+ goto error_path;
+ return;
+ }
+ audit_log_format(ab, " obj=%s", context.context);
+ security_release_secctx(&context);
+ } else {
+ audit_log_format(ab, " obj=?");
+ error = audit_buffer_aux_new(ab, AUDIT_MAC_OBJ_CONTEXTS);
+ if (error)
+ goto error_path;
+
+ for (i = 0; i < LSMBLOB_ENTRIES; i++) {
+ if (blob->secid[i] == 0)
+ continue;
+ error = security_secid_to_secctx(blob, &context, i);
+ if (error) {
+ if (error != -EINVAL)
+ audit_panic("error in audit_log_object_context");
+ audit_log_format(ab, "%sobj_%s=?",
+ i ? " " : "",
+ lsm_slot_to_name(i));
+ } else {
+ audit_log_format(ab, "%sobj_%s=%s",
+ i ? " " : "",
+ lsm_slot_to_name(i),
+ context.context);
+ security_release_secctx(&context);
+ }
+ }
+
+ audit_buffer_aux_end(ab);
+ }
+ return;
+
+error_path:
+ audit_panic("error in audit_log_object_context");
+}
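Review bot: All three failure paths (the `goto error_path` after `security_secid_to_secctx(blob, &context, LSMBLOB_FIRST)`, the one after `audit_buffer_aux_new()`, and the call inside the loop) pass the same string to `audit_panic()`, and none records `error` or the slot `i`, so a console flood like the one reported on this page cannot be attributed to a call site or an LSM. Give each site its own message, for example `audit_panic("audit_log_object_context: aux record setup failed");` and `audit_panic("audit_log_object_context: secid_to_secctx failed");`, or log `error` and `lsm_slot_to_name(i)` with a rate-limited warning before the call. Because `audit_panic()` follows the configured audit failure mode, a recurring non-`-EINVAL` error here would presumably halt a host that is set to panic on audit failure; a comment above the function should say so. In the loop, the separator `i ? " " : ""` keys on the slot index rather than on whether a field has already been written, so the auxiliary record starts with a space whenever slot 0 is skipped.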
The easiest way to reproduce this issue on Ubuntu 24.04:
autrace /bin/ls
the dmesg output:
[ 1334.743586] audit_panic: 14 callbacks suppressed
[ 1334.743589] audit: error in audit_log_object_context
[ 1334.743609] audit: error in audit_log_object_context
[ 1334.744685] audit: error in audit_log_object_context
[ 1334.744736] audit: error in audit_log_object_context
[ 1334.744846] audit: error in audit_log_object_context
[ 1334.745896] audit: error in audit_log_object_context
[ 1334.747746] audit: error in audit_log_object_context
[ 1334.748660] audit: error in audit_log_object_context
[ 1334.748903] audit: error in audit_log_object_context
[ 1334.749164] audit: error in audit_log_object_context
On Ubuntu 24.04 with auditd=1:3.1.2-2.1build1 installed, the audit log starts printing the following error on the console:
audit: error in audit_log_object_context
This happens when AppArmor is deactivated and SELinux is activated. Installed: selinux-basics=0.5.9. Linux kernel: 6.8.0