LXD container auditd fails to install

LXD
1

18.04 LTS

sudo apt install -y auditd audispd-plugins
Reading package lists... Done
Building dependency tree       
Reading state information... Done
auditd is already the newest version (1:2.8.2-1ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up auditd (1:2.8.2-1ubuntu1) ...
Job for auditd.service failed because the control process exited with error code.
See "systemctl status auditd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript auditd, action "start" failed.
● auditd.service - Security Auditing Service
   Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-03-15 13:03:19 EET; 12ms ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 7171 ExecStart=/sbin/auditd (code=exited, status=1/FAILURE)

Mar 15 13:03:19 muziejus systemd[1]: Starting Security Auditing Service...
Mar 15 13:03:19 muziejus systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 15 13:03:19 muziejus systemd[1]: auditd.service: Failed with result 'exit-code'.
Mar 15 13:03:19 muziejus systemd[1]: Failed to start Security Auditing Service.
dpkg: error processing package auditd (--configure):
 installed auditd package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of audispd-plugins:
 audispd-plugins depends on auditd; however:
  Package auditd is not configured yet.

dpkg: error processing package audispd-plugins (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
                                                                                                          Errors were encountered while processing:
 auditd
 audispd-plugins
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- Unit auditd.service has begun starting up.
Mar 15 13:04:49 muziejus auditd[8128]: **Cannot change priority (Operation not permitted)**
Mar 15 13:04:49 muziejus systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 15 13:04:49 muziejus auditd[8128]: The audit daemon is exiting.
Mar 15 13:04:49 muziejus systemd[1]: auditd.service: Failed with result 'exit-code'.
Mar 15 13:04:49 muziejus systemd[1]: Failed to start Security Auditing Service.

Any ideas?
Maybe this is https://bugzilla.redhat.com/show_bug.cgi?id=893751

2

Hi!

You can enclose the terminal text with three backticks at the start and at the end, as with

This is an example

Here is how it looks,

Screenshot%20from%202019-03-15%2013-58-28
Screenshot from 2019-03-15 13-58-28.png983×264 11.7 KB

Having said that, the Linux Audit Framework (more up to date info at https://wiki.archlinux.org/index.php/Audit_framework) does not have full namespace support yet. This framework has a Linux kernel component and a user-space component. You have installed the user-space component.
You might be able to force it to work with a privileged container. For that, see How to add CAP_IPC_LOCK capabilities to container?

3

Hi,
thank you @simos . Corrected my post. I will give it a try to make audit work.

4

For further info on this, please see: https://github.com/lxc/lxd/issues/2188 and RFE Audit Container ID · linux-audit/audit-kernel Wiki · GitHub