-
Notifications
You must be signed in to change notification settings - Fork 558
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
qtox: audit log spam due to blocked netlink #5277
Comments
One can always add netlink in a qtox.local override. But, IMO, when an application functions properly without it, and the issue is only journal spamming, users can add a rule to audit's configuration to silence these warnings. That way the sandbox is kept nicely tight and the irritating spamming is handled cleanly. Here's an example you can try in case of qtox:
Let's wait a bit to let other people give their opinion on how to proceed here (adding a comment on how to silence these warnings, or adding netlink to protocol). |
Journal spamming is already fixed (#5207). I would close as won't fix/duplicate. |
@JeremyMahieu So what the above comments boil down to is that the issue should be fixed in git already. Consult our wiki for instructions on how to build from git. |
(Re-closing as "not planned", since it was marked as duplicate) Duplicate of #5207. Edit: For some reason, GitHub is not creating the "marked this as a |
It only does so if |
Duplicate of #5207 |
@rusty-snake commented on Jul 29:
Thanks! I had a hunch that it could be due to that, but I refused to believe I mean, even GitHub's own dependabot puts a dot at the end on similar
|
Is your feature request related to a problem? Please describe.
In the profile for qtox only protocols inet, inet6, and unix are enabled while qtox is confined with seccomp. This leads to generation of seccomp violation reports since qtox also needs AF_NETLINK sockets.
The reports look like this:
Describe the solution you'd like
This seemingly does not interfere with qtox's functionality but please consider adding netlink to permitted protocols in that profile.
Describe alternatives you've considered
Ignoring the seccomp violation messages, but they pollute the system journal and occur a few times every 10 seconds.
Additional context
The system should have Audit framework enabled and auditd running for logging to journal to happen. Systems configured otherwise will not see the same messages.
The text was updated successfully, but these errors were encountered: