LXD container auditd fails to install


(Vudududu) #1

18.04 LTS

sudo apt install -y auditd audispd-plugins
Reading package lists... Done
Building dependency tree       
Reading state information... Done
auditd is already the newest version (1:2.8.2-1ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up auditd (1:2.8.2-1ubuntu1) ...
Job for auditd.service failed because the control process exited with error code.
See "systemctl status auditd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript auditd, action "start" failed.
● auditd.service - Security Auditing Service
   Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-03-15 13:03:19 EET; 12ms ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 7171 ExecStart=/sbin/auditd (code=exited, status=1/FAILURE)

Mar 15 13:03:19 muziejus systemd[1]: Starting Security Auditing Service...
Mar 15 13:03:19 muziejus systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 15 13:03:19 muziejus systemd[1]: auditd.service: Failed with result 'exit-code'.
Mar 15 13:03:19 muziejus systemd[1]: Failed to start Security Auditing Service.
dpkg: error processing package auditd (--configure):
 installed auditd package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of audispd-plugins:
 audispd-plugins depends on auditd; however:
  Package auditd is not configured yet.

dpkg: error processing package audispd-plugins (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
                                                                                                          Errors were encountered while processing:
 auditd
 audispd-plugins
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- Unit auditd.service has begun starting up.
Mar 15 13:04:49 muziejus auditd[8128]: **Cannot change priority (Operation not permitted)**
Mar 15 13:04:49 muziejus systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 15 13:04:49 muziejus auditd[8128]: The audit daemon is exiting.
Mar 15 13:04:49 muziejus systemd[1]: auditd.service: Failed with result 'exit-code'.
Mar 15 13:04:49 muziejus systemd[1]: Failed to start Security Auditing Service.

Any ideas?
Maybe this is https://bugzilla.redhat.com/show_bug.cgi?id=893751


#2

Hi!

You can enclose the terminal text with three backticks at the start and at the end, as with

This is an example

Here is how it looks,

Having said that, the Linux Audit Framework (more up to date info at https://wiki.archlinux.org/index.php/Audit_framework) does not have full namespace support yet. This framework has a Linux kernel component and a user-space component. You have installed the user-space component.
You might be able to force it to work with a privileged container. For that, see How to add CAP_IPC_LOCK capabilities to container?


(Vudududu) #3

Hi,
thank you @simos . Corrected my post. I will give it a try to make audit work.