[ERROR] sudo: unable to send audit message on Synology

[heseifert]

Hello, i got this error on my docker logs.

sudo: unable to send audit message: Operation not permitted

If i do anything on the WebUI i got this error.

My Setup:

• Synology DSM 6.1.5 DS1515+
• Lastest docker-pi-hole Image

Can any help me?

[diginc]

I would start with synology + that error message unless this is very specific to my container.

have you looked at these posts? https://duckduckgo.com/?q=site%3Aforum.synology.com+Operation+not+permitted&t=ffab&ia=web

Do you use volumes and if you remove them and re-create the container does this error go away?

[jcacavias]

I'm getting a similar error message each time I try to press the enable button. Enable appears to work, but as soon as I refresh the page, the enable button is back. Otherwise, pi-hole appears to be working. Here are the errors that appear in the logs...

sudo: unable to send audit message: Unknown error -1 sudo: pam_open_session: System error | stdout sudo: policy plugin failed session initialization

[edin0x]

Same here when I try sudo pihole -r:

root@diginc-pi-hole1:/# sudo pihole -r
sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

Also having the same problems through the Web UI, where I cannot save anything. It seems like a permissions issue, but since I'm using the already built diginc pihole docker image I would expect this to work out of the box. Running this on Synology DS916+.

Any help is appreciated.

[ShagoY]

Hi, i got this error only with --net=host (the only way to see "Top Clients ?") but i can't save any change. sudo: policy plugin failed session initialization sudo: unable to send audit message: Unknown error -1 sudo: pam_open_session: System error

[kn0rki]

Hi folks, same errors for me on a DS412+.

@ShagoY the --net=host works without NAT. You can add a new network and disable ip masquerading to enable the top clients.

[ShagoY]

Hi @kn0rki, i just try in docker but no result, i think i need more information, have you a guide ?

[Tearow]

Same issue. When ever i try to add something in whitelist or add something in blacklist or any setting i receive in docker terminal.

Sudo: Unable to send audit message: Unknown error -1 Sudo: pam_open_session: System error Sudo: policy plugin failed session initialization

did somebody solve it already. i saw already multiple issues about this but still without solution.

Using DS412+ with docker and Diginc/pi-hole:latest

[will-code-for-pizza]

Using DS 2413+ with docker and Diginc/pi-hole:latest Same issue here.

docker logs gave me:

sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

Additionally:

dnsmasq: failed to load names from /etc/pihole/black.list: No such file or directory

Status in web UI changes from Active to Unknown a few seconds after clicking "Enable".

[nopoz]

I have the same problem. Mapping the black.list to a file doesn't fix it.

[x-Felix]

same issue here. And the admin console shows status unknown. Searched these error messages on Google, seems the issue leads to pam_limits. Not sure it is within the docker container or Synology DSM.

[R91g]

I have the same issue. I can't change any setting in WEB UI, when I save changes nothing change, old setting still alive.

DSM 6.0.2-8451 Update 11 DS3615xs

[x-Felix]

I tried to isolate the problem whether an image issue or Synology DSM restriction. I only have a spare raspberry pi 3b to play with. I pulled diginc/pi-hole-multiarch:debian_armhf on HypriotOS docker environment. The same issue was not discovered in that setup although version number not displayed. Right now what I can do is to use Raspberry Pi to service Pi-Hole directly on Raspbian OS which works perfectly. I do hope this issue can be fixed soon so that I can just use one NAS.

[nopoz]

I ended up using virtual station to spin up a debian vm which I run pihole on.

[x-Felix]

@doucheymcdoucherson thanks for the suggestion, I tried virtual station but not really satisfied with the resources it consumed. I do not run an extremely powerful synology nas. And considering NAS requires regularly software upgrade, 10 minutes DNS downtime is not acceptable even for a home network. So I am now using a spare Raspberry Pi directly. All issue fixed.

[CrypticOne]

I have issue 286. I think they probably could be merged. I know the webinterface uses superuser commands to update the config files.

My docker image reports the following when I try to use sudo:

root@pihole:/# sudo
sudo: unable to resolve host pihole

I updated /etc/hosts to include pihole as 127.0.0.1 which fixes the first error but still sudo is broken on this docker on Synology.

root@pihole:/# sudo date
sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

[Ulisus]

So i am having the same problems with the latest build on a Synology NAS. So i tried installing the "debian_v3.2.1" branch.

Now the settings are finally saved!

The only problems here are:

• Version numbers not showing in the right bottom corner
• Opening "Query Log" produces a popup "DataTables warning: table id=all-queries - Requested unknown parameter '5' "
• I still get the sudo: unable to send audit message: Operation not permitted" in the logs.

(By the way debian_3.1.4 didn't work, because the webport couldn't be changed from 80)

[McMac]

Running into the same issue with the System error/Unknown error -1.

I managed to drill down to it:

docker exec -it pi-hole /bin/bash
root@pi-hole:/# su
su: System error
root@pi-hole:/# sudo -i
sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
root@pi-hole:/#

After some hefty googling and testing this issue only seem to occur when running with --net=host not with --net=bridge. There is a thread [ https://github.com/moby/moby/issues/5899] for another container describing the same issue and the solution seems to be "Install libpam with --disable-audit option on Ubuntu 14.04"

[diginc]

@McMac Thanks for digging into this. Looking at that Docker Moby ticket, it sounds like it's an older kernel problem rather than a docker problem. Can you confirm what docker and kernel versions you have with these commands?

docker version
docker info

My oldest test system I have is 3.19 (Vivid) and I've never seen this problem, so given the newest kernel mentioned in that thread is 3.17 I'd think somewhere between those two the problem was resolved. I'd suggest looking into any upgrade options Synology has for kernel and docker versions.

[CrypticOne]

root@DiskTiger:~# docker version Client: Version: 17.05.0-ce API version: 1.29 Go version: go1.8 Git commit: 9f07f0e-synology Built: Fri May 11 13:41:13 2018 OS/Arch: linux/amd64

Server: Version: 17.05.0-ce API version: 1.29 (minimum version 1.12) Go version: go1.8 Git commit: 9f07f0e-synology Built: Fri May 11 13:41:13 2018 OS/Arch: linux/amd64 Experimental: false root@DiskTiger:~# docker info Containers: 11 Running: 11 Paused: 0 Stopped: 0 Images: 105 Server Version: 17.05.0-ce Storage Driver: aufs Root Dir: /volume1/@docker/aufs Backing Filesystem: extfs Dirs: 151 Dirperm1 Supported: true Logging Driver: db Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: fd189da3e13a3ef3d6d9eb73c5cd4697b4536cdd (expected: 9048e5e50717ea4497b757314bad98ea3763c145) runc version: a2d6e07aab95ff37fb63cf5dec3c40d29940194f (expected: 9c2d8d184e5da67c95d601382adf14862e4f2228) init version: 7a83305 (expected: 949e6fa) Security Options: apparmor Kernel Version: 3.10.102 Operating System: OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 15.67GiB Name: DiskTiger ID: ** Docker Root Dir: /volume1/@docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: No kernel memory limit support WARNING: No cpu cfs quota support WARNING: No cpu cfs period support

[diginc]

Yup "Kernel Version: 3.10.102" :(

Not much I can do here for this. I searched a little about what synology allows upgrades for but it depends on the the line/model.

[R91g]

I think that DSM 6.2 has Kernel 4.4 Maybe with this version Pihole works fine.

Xpenology with loader 1.03b now works with DSM 6.2-23739 update 2: https://mega.nz/#F!ZlkHQTTb!keje3RK017OjTp3vuWb-Cw

[ituri]

I think that DSM 6.2 has Kernel 4.4

No, it doesn't. My DS916+ runs on the latest DSM 6.2-23739 Update 2 and it comes with Kernel 3.10.105.

[McMac]

When I get a moment I might attempt to merge the suggestion from the other thread with your Dockerfile by compiling "libpam with --disable-audit". Not sure about the save function but I believe to recall that when I have misconfigured network to be host vs. bridge that e.g. the values for "Pi-hole Version N/A Web Interface Version N/A FTL Version N/A" had shown properly. To be honest, not sure what downside the "disable-audit" on PAM brings (don't see a major issue while running as a docker container). I assume, the failing PAM audit calls are preventing the subsequent tasks. Attempting to disable audit via config file using the system-auth/password-auth "session required pam_tty_audit.so disable=*" didn't seem to make an difference. (As the error occurs during "sudo: pam_open_session: System error" the "session required" couldn't have worked anyways). Looks like a recompile is left to try at this point when I get a quiet moment next week unless someone beats me to it. Alternative option is to revert back older docker image.

[Anatharias]

So I used a brand new DSM 6.2 on a DS1513+ (never used as a Docker host before) launched the new docker pihole/pihole v4 image and once setup is complete

the same message appears each time I want to enable the service:

System error
sudo: unable to resolve host pihole.n8
sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

EDIT: the above happens when selecting Host network, and that some of the ports are not available I created a new Docker host with random ports, DNS is working: no more errors.

[McMac]

I am experiencing the same with v4.

I created a ticket with Synology Support (#2061260) with the current details also referring to this thread.

In the meantime I'll take a shot at the --disable-audit idea.

[McMac]

Ok, I tried to rebuild everything by creating a Debian image with the —disable-audit flag, then took @diginc’s sources and made an amd64_disable-audit dockerfile and modified his Dockerfile.py to use my modified one however I must have made a snafu somewhere and I somehow ended up with the same error.

It was a long shot to simply replace Debian “Jessie” with “Stretch” and hope for it to work (Onni Hakala @onnimonni https://gist.github.com/onnimonni/84489397082b8af71772113697de86b3 ) Just running the plain Debian image and doing an “su” in it gave me a System error so no dice there. Maybe someone more skilled knows how to get it working.

To anyone using it on Synology: which one was the latest version which worked for you?

(Want to switch back as currently dns resolution is sketchy, saves don’t work, “enable” is not sticky, can’t save settings nor whitelist urls via the UI”. It also no longer takes the machine names from my router - AVM Fritz!Box 7490 - however the names are used properly in the statistics however the DNS part doesn’t seem to resolve the names?!?) liked the low resource consumption but this is not useable unfortunately. And Synology: “does not support custom docker images” - of course, but using an outdated Linux kernel is starting to break Docker support. Let’s see how much relaying the details provided in my ticket is actually going to move anything. So much on updates from my side and to anyone else finding this thread in the search or an answer...

[Anatharias]

Like I wrote on my previous edited comment, it worked with specified ports ie 80 to 8888, etc For the sake of testing kept 53 and 67 to their own ports

and Pihole is running fine

[McMac]

Thanks for the reminder @Anatharias that everything works when using --net=bridge. 👍 One loses the details about the source of any DNS request (-> stats, issue tracking) but on second thought do I really need those details?! Probably not. It's the "right-Docker-way" anyways. :)

[Ulisus]

But i would really like to see the source the request came from. Did anybody get the new v4 container running with --net=host?

So i only set --net=host and the variables "ServerIP" and "WEB_PORT" and the interface is working fine. But the settings are still not saved! I get the following errors:

stdout | sudo: policy plugin failed session initialization stdout | sudo: pam_open_session: System error stdout | sudo: unable to send audit message: Unknown error -1

I don't quiet get why it is a linux/docker issue on synology, but it works with Debian 3.2.1.

[Azzhoe]

Same here, I can't get it to block anything... would appreciate if someone can post a detailed tutorial of how to get pi-hole properly installed and configured on Synology NAS with DSM 6.2.

I have followed the guide by tony lawrence btw.

[Xento]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

[hummel124]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379

Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

[Xento]

Yeah I had to add this lines, too. I forgot to mention that ;-)

[Azzhoe]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379

Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

Hi, I am also running pi-hole on my Synology 1512 NAS running DSM 6.2. However my pi-hole is behaving quite strange. I cannot seem to save any whitelist/blacklist entries, cannot save any of my settings, the version does not show on the bottom right, instead it shows N/A. When I hit enable in the dashboard it wlil go back to the yellow circle status and won't stay on, but it is somehow still blocking. I am running the official pi-hole.

Could you please show me what you did to get this to work without any problems?

[diginc]

Please create a new issue, sounds like you have a different problem. the yellow circle problem was also a old bug make sure your images up to date.

On Wed, Oct 3, 2018, 06:00 Azzhoe notifications@github.com wrote:

I think I fixed it using this commands:

https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379

Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main deb-src http://deb.debian.org/debian stretch main deb http://deb.debian.org/debian-security/ stretch/updates main deb-src http://deb.debian.org/debian-security/ stretch/updates main deb http://deb.debian.org/debian stretch-updates main deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

Hi, I am also running pi-hole on my Synology 1512 NAS running DSM 6.2. However my pi-hole is behaving quite strange. I cannot seem to save any whitelist/blacklist entries, cannot save any of my settings, the version does not show on the bottom right, instead it shows N/A. When I hit enable in the dashboard it wlil go back to the yellow circle status and won't stay on, but it is somehow still blocking. I am running the official pi-hole.

Could you please show me what you did to get this to work without any problems?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/pi-hole/docker-pi-hole/issues/243#issuecomment-426428604, or mute the thread https://github.com/notifications/unsubscribe-auth/AA0-osN_F8wXdOR-EsHL_1nhI7_wmasMks5ug9QCgaJpZM4Su_3j .

[Azzhoe]

I'm not using the pi-hole from diginc but the official one. does this matter?

[diginc]

make sure you're using pihole/pihole

[alek-05]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379

Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

I tried but I receive this error message when I run the last command:

dpkg-buildpackage: info: source package pam dpkg-buildpackage: info: source version 1.1.8-3.6 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Adrian Bunk bunk@debian.org dpkg-buildpackage: info: host architecture amd64 dpkg-source --before-build pam-1.1.8 debian/rules clean dh clean --with quilt,autoreconf dh_testdir dh_auto_clean dh_quilt_unpatch Patch make_documentation_reproducible.patch does not remove cleanly (refresh it or enforce with -f) dh_quilt_unpatch: quilt --quiltrc /dev/null pop -a || test $? = 2 returned exit code 1 debian/rules:21: recipe for target 'clean' failed make: *** [clean] Error 25 dpkg-buildpackage: error: debian/rules clean gave error exit status 2 E: Build command 'cd pam-1.1.8 && dpkg-buildpackage -b -uc' failed.

I'm not an expert, could you please help me understand how to proceed?

Thank you.

[sjauquet]

https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379

Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

This perfectly solved the "read only" issue ! When this fix can be included in the Docker image please ? Thanks !

[Azzhoe]

@diginc I am using that one. I’m going to redownload it again. I chose the ‘latest’ one from the drop down box, perhaps I’m choosing the wrong build? I am on a Synology 1512+ NAS running I believe on Intel Atom Processor. So Do I get the latest version or something else?

The menu shows the following:

Latest 4.0.0.-1 4.0.0.-1_aarch64 4.0.0.-1_amd64 4.0.0.-1_armhf development

On Oct 15, 2018, at 9:38 PM, Adam Hill notifications@github.com wrote:

make sure you're using pihole/pihole https://hub.docker.com/r/pihole/pihole/ — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/pi-hole/docker-pi-hole/issues/243#issuecomment-430080558, or mute the thread https://github.com/notifications/unsubscribe-auth/AkZ-ejC0J6UkN5yChZKOMsfga-HnPWuiks5ulUa8gaJpZM4Su_3j.

[alek-05]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379 Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

Done! Thx

[diginc]

Great find @Xento, seems to be working for everyone. I'll work on getting this implemented in development branch now.

Docker PAM workaround

If you start your docker container with host networking enabled then due to a kernel bug commands like su does not work. One solution for this issue is to patch the host kernel with the following: AUDIT: Allow login in non-init namespaces

Another option is to patch the libpam on the guest OS running inside the docker container. For this purpose the sequenceiq/pam images are created for the most popular operating systems.

[diginc]

Give pihole/pihole:development a try and see if it removes the audit errors.

[sjauquet]

hello, for your information, I receive now this message after each page asked to the web admin of PiHole: sudo: unable to send audit message: Unknown error -1
sudo: unable to send audit message: Unknown error -1
sudo: unable to send audit message: Unknown error -1 .... But everything seems to work. edit: I'm new in Docker, and I'm probably to the pihole/pihole.

[Azzhoe]

I think I fixed it using this commands: https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile

Confirmed! This did the trick :) I'm running the Docker Container on my Synology DS1812 with DSM 6.2-23739 Update 2. Docker version ist 17.05.0-0379 Before executing the commands I had to modify the /etc/apt/sources.list: (Lines with deb-src were missing)

deb http://deb.debian.org/debian stretch main
deb-src http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian-security/ stretch/updates main
deb-src http://deb.debian.org/debian-security/ stretch/updates main
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main

Thanks Chris

Done! Thx

Could you please explain to me how you get this running properly on your Synology 1812+? I'm on a 1512+ and we're on pretty much the same hardware. I am using the official "latest" version from official pihole/pihole. Everything works except it doesn't show the version number at the bottom right, status circle always shows yellow no matter if I enable or disable pihole, and it cannot save any settings such as the whitelist/blacklist. I'm trying to understand all the replies on this thread, but it seems overly complex to me what you guys are doing. Do I need to modify some config files or something? That is where I need help with. I would greatly appreciate any help if possible. Thanks in advance.

I am using Docker 17.05.0-0394 / DSM 6.2.1-23824 My nas is on Intel Atom - 64bit processor

So did I get the write version of pihole? I got 'latest'

[diginc]

@Azzhoe If you're seeing the 'sudo: unable to send audit message' error message please try the image pihole/pihole:development. I pushed the fix being discussed to that image last night.

If you're seeing a different issue please fill out a new issue with the full template details. Synology is only community supported, I don't have hardware to reproduce issues or write any tutorials, but we'll try our best to figure out your problems if you provide enough data.

[mylala]

@diginc: Hey, thanks having a look into the issue, again!

I checked the development version and get the follow error msgs: sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

[mizhgan]

sudo: unable to send audit message: Unknown error -1

sudo: pam_open_session: System error

sudo: policy plugin failed session initialization

Hello. I got the same error as above. Using development image. Web interface is not saving changes again.

[diginc]

Hmmm, I need a way to verify the PAM --disable-audit install happened correctly. I pretty much just copied the install of pam out of https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile into the install. The readme of sequenceiq/docker-pam also says this command can be used to verify the issue is fixed :

sudo docker run -it --rm --net=host --entrypoint=bash pihole/pihole:development -c 'useradd testuser; su testuser;'

(no error should return, id should say you are testuser)

On Tue, Oct 23, 2018 at 6:08 AM mizhgan notifications@github.com wrote:

sudo: unable to send audit message: Unknown error -1

sudo: pam_open_session: System error

sudo: policy plugin failed session initialization

Hello. I got the same error as above. Using development image. Web interface is not saving changes again.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/pi-hole/docker-pi-hole/issues/243#issuecomment-432202987, or mute the thread https://github.com/notifications/unsubscribe-auth/AA0-opocbBmC156rHGkzIJsI2KAFETy1ks5unvi5gaJpZM4Su_3j .

[Azzhoe]

I’m getting similar errors like everyone else when checking the log. I have the latest pihole/pihole:developer build installed. This is what my log says:

  [i] Consolidating blocklists...
  [✓] Consolidating blocklists
stdout
01:09:56
  [i] Extracting domains from blocklists...
  [✓] Extracting domains from blocklists
stdout
01:09:56
  [i] Number of domains being pulled in by gravity: 150449
stdout
01:09:56
  [i] Removing duplicate domains...
  [✓] Removing duplicate domains
stdout
01:09:56
  [i] Number of unique domains trapped in the Event Horizon: 127494
stdout
01:09:56
  [i] Nothing to whitelist!
stdout
01:09:56
  [i] Number of regex filters: 0
stdout
01:09:56
  [i] Parsing domains into hosts format...
  [✓] Parsing domains into hosts format
stdout
01:09:56
  [i] Cleaning up stray matter...
  [✓] Cleaning up stray matter
stdout
01:09:56
stdout
01:09:56
  [i] Force-reloading DNS service...
  [✓] Force-reloading DNS service
stdout
01:09:56
  [✓] DNS service is running
stdout
01:09:56
  [✓] Pi-hole blocking is Enabled
stdout
01:09:56
[cont-init.d] 20-start.sh: exited 0.
stdout
01:09:56
[cont-init.d] done.
stdout
01:09:56
[services.d] starting services
stdout
01:09:56
Starting pihole-FTL (no-daemon)
stdout
01:09:56
Starting crond
stdout
01:09:56
Starting lighttpd
stdout
01:09:56
[services.d] done.
stdout
01:10:01
stdout
01:10:01
System error
stdout
01:10:19
sudo: unable to resolve host pihole-pihole4
stdout
01:10:19
sudo: unable to send audit message: Unknown error -1
stdout
01:10:19
sudo: pam_open_session: System error
stdout
01:10:19
sudo: policy plugin failed session initialization
stdout
01:10:22
sudo: unable to resolve host pihole-pihole4
stdout
01:10:22
sudo: unable to send audit message: Unknown error -1
stdout
01:10:22
sudo: pam_open_session: System error
stdout
01:10:22
sudo: policy plugin failed session initialization
stdout
01:10:24
sudo: unable to resolve host pihole-pihole4
stdout
01:10:24
sudo: unable to send audit message: Unknown error -1
stdout
01:10:24
sudo: pam_open_session: System error
stdout
01:10:24
sudo: policy plugin failed session initialization

On Oct 23, 2018, at 8:48 AM, Adam Hill notifications@github.com wrote:

Hmmm, I need a way to verify the PAM --disable-audit install happened correctly. I pretty much just copied the install of pam out of https://github.com/sequenceiq/docker-pam/blob/master/ubuntu-14.04/Dockerfile into the install. The readme of sequenceiq/docker-pam also says this command can be used to verify the issue is fixed :

sudo docker run -it --rm --net=host --entrypoint=bash pihole/pihole:development -c 'useradd testuser; su testuser;'

(no error should return, id should say you are testuser)

On Tue, Oct 23, 2018 at 6:08 AM mizhgan notifications@github.com wrote:

sudo: unable to send audit message: Unknown error -1

sudo: pam_open_session: System error

sudo: policy plugin failed session initialization

Hello. I got the same error as above. Using development image. Web interface is not saving changes again.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/pi-hole/docker-pi-hole/issues/243#issuecomment-432202987, or mute the thread https://github.com/notifications/unsubscribe-auth/AA0-opocbBmC156rHGkzIJsI2KAFETy1ks5unvi5gaJpZM4Su_3j .

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/pi-hole/docker-pi-hole/issues/243#issuecomment-432253260, or mute the thread https://github.com/notifications/unsubscribe-auth/AkZ-ei991P7hmWotsKUAtNa9X5tRdr1Hks5unx4rgaJpZM4Su_3j.