You are not logged in.

#1 2020-07-30 01:39:16

tda
Member
Registered: 2020-06-27
Posts: 44

[SOLVED] audit messages when installing Arch on a System76 laptop

I am trying to install Arch Linux on a System76 Lemur Pro laptop.  I have made a bootable USB using the 2020.07.01 version of the iso file.  When the console opens, I see the following audit messages:

Arch Linux 5.7.6-arch1-1 (tty1)

archiso login: root (automatic login)

[   15.708006] audit: type=1101 audit(1596070122.033:28): pid=490 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tally2,pam_access,pam_unix,pam_permit,pam_time acct="root" exe="/usr/bin/login" hostname=archiso addr=? terminal=tty1 res=success'
[   15.710617] audit: type=1103 audit(1596070122.036:29): pid=490 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_env acct="root" exe="/usr/bin/login" hostname=archiso addr=? terminal=tty1 res=success'
[   15.710691] audit: type=1006 audit(1596070122.036:30): pid=490 uid=0 old-auid=4294967295 auid=0 tty=tty1 old-ses=4294967295 ses=1 res=1
[   15.710729] audit: type=1300 audit(1596070122.036:30): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7ffd9b9a2920 a2=1 a3=7ffd9b9a2637 items=0 ppid=1 pid=490 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=1 comm="login" exe="/usr/bin/login" key=(null)
[   15.710801] audit: type=1327 audit(1596070122.036:30): proctitle=2F62696E2F6C6F67696E002D660020202020
[   15.729737] audit: type=1130 audit(1596070122.053:31): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   15.736163] audit: type=1101 audit(1596070122.059:32): pid=642 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tally2,pam_access,pam_unix,pam_permit,pam_time acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   15.736240] audit: type=1103 audit(1596070122.059:33): pid=642 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[   15.736297] audit: type=1006 audit(1596070122.059:34): pid=642 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=2 res=1
root@archiso ~ #

I haven't seen these messages other times I have installed Arch, so I'm not sure what to make of them.  They do not pop up when I use the bootable USB on my desktop computer.

After a short amount of time, other audit messages start popping up in the console.  These messages continue endlessly at a rate of about 1 message every 2 seconds.  Furthermore, these messages pop up even when I am entering commands, which makes it nearly impossible to use the prompt.  Here are some examples of the messages I receive:

[  224.043765] audit: type=1130 audit(1596070330.366:72): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[  234.267335] audit: type=1130 audit(1596070340.593:73): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  234.268337] audit: type=1131 audit(1596070340.593:74): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  234.544303] audit: type=1130 audit(1596070340.869:75): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[  244.767326] audit: type=1130 audit(1596070351.093:76): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  244.768340] audit: type=1131 audit(1596070351.093:77): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  245.044361] audit: type=1130 audit(1596070351.369:78): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
[  255.267329] audit: type=1130 audit(1596070361.593:79): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  255.268364] audit: type=1131 audit(1596070361.593:80): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  255.544314] audit: type=1130 audit(1596070361.869:81): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=reflector comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

Any help would be appreciated.

Last edited by tda (2020-08-12 01:47:44)

Offline

#2 2020-07-30 02:30:02

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Use Ctrl-Alt-F2 to change to the second console to solve your biggest issue, being interrupted by the messages.   Those are mostly harmless, but they do seem a bit excessive.   See if they persist once you install your system and boot into it.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2020-07-30 02:43:10

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Thanks for the suggestion. But unfortunately I'm seeing the same sort of behavior in the Ctrl+Alt+F2 console.

Offline

#4 2020-07-30 03:07:05

WFV
Member
From: ☭USSA⛧⭒⭒⭒⭒
Registered: 2013-04-23
Posts: 288

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Can pass

audit=0

to the kernel to turn them off to see if you can get your system to boot. Then change audit level or remove the kernel parameter to see if still interfering.


∞ hard times make the strong, the strong make good times, good times make the weak, the weak make hard times ∞

Offline

#5 2020-07-30 07:49:16

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Ok, I was able to reduce the number of messages by changing the enabled flag in auditctl:

auditctl -e0

This greatly reduced the number of messages, but there were still some messages that popped up occasionally, which weren't always "audit" messages, but other kernel messages as well.  Anyway, I was able to deal with the small number of messages and Arch seemed to install successfully.

But I think I now have a more accurate description of what's going on.  It seems that many kernel messages (not just audit messages) are being output to the console.  For example, if I plug in a USB drive, then the console will show the following:

[root@trevorslaptop ~]# [  695.195911] usb 1-3: new high-speed USB device number 6 using xhci_hcd
[  696.091357] usb 1-3: New USB device found, idVendor=090c, idProduct=1000, bcdDevice= 4.03
[  696.091400] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.091431] usb 1-3: Product: DISK 2.0
[  696.091449] usb 1-3: Manufacturer: USB
[  696.091467] usb 1-3: SerialNumber: GR0I2JOKTIU8Z230
[  696.093048] usb-storage 1-3:1.0: USB Mass Storage device detected
[  696.093305] scsi host0: usb-storage 1-3:1.0
[  697.104452] scsi 0:0:0:0: Direct-Access     USB      DISK 2.0         0403 PQ: 0 ANSI: 0 CCS
[  697.106448] sd 0:0:0:0: [sda] 7962624 512-byte logical blocks: (4.08 GB/3.80 GiB)
[  697.107385] sd 0:0:0:0: [sda] Write Protect is off
[  697.107423] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[  697.108418] sd 0:0:0:0: [sda] No Caching mode page found
[  697.108449] sd 0:0:0:0: [sda] Assuming drive cache: write through
[  697.134231]  sda: sda1 sda2
[  697.136219] sd 0:0:0:0: [sda] Attached SCSI removable disk

These messages show up in the USB boot prompt as well as in my Arch installation on the laptop.  Usually this information is hidden, so I'm not sure why it's being printed to the console.

Offline

#6 2020-07-31 02:46:25

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Ok, I have more information which would explain why this is occurring.  I've compared different versions of the installation iso.  It seems that depending on which is version I use, the console log level is different.

Using the 2020.07.01 version of the iso:

# cat /proc/sys/kernel/printk
15      4       1       4

Using the 2020.06.01 version of the iso:

# cat /proc/sys/kernel/printk
15      4       1       4

Using the 2020.05.01 version of the iso:

# cat /proc/sys/kernel/printk
4       4       1       4

I'm not sure why these are different, but they seem to be determining whether or not I see kernel messages in the console.

Offline

#7 2020-08-01 03:06:05

WFV
Member
From: ☭USSA⛧⭒⭒⭒⭒
Registered: 2013-04-23
Posts: 288

Re: [SOLVED] audit messages when installing Arch on a System76 laptop


∞ hard times make the strong, the strong make good times, good times make the weak, the weak make hard times ∞

Offline

#8 2020-08-03 18:48:51

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Thanks for the suggestion. I've also had difficulties trying to update the System76 firmware. I think I'm going to start a new thread about it.

Offline

#9 2020-08-06 02:45:44

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Ok, I seemed to have figured out how to update the firmware (I created this thread about it). But unfortunately, that didn't seem to fix the problem.

Offline

#10 2020-08-12 01:46:48

tda
Member
Registered: 2020-06-27
Posts: 44

Re: [SOLVED] audit messages when installing Arch on a System76 laptop

Ok, System76 support helped me figure this out. This problem is fixed with the https://github.com/pop-os/system76-acpi-dkms repo which can be installed via the system76-acpi-dkms AUR package. However, the current AUR package points at a version of the Github repo prior to the relevant fix. So it was necessary to modify the PKGBUILD to point at the latest code in the repo. I posted some info about this issue on the Arch Wiki: https://wiki.archlinux.org/index.php/System76_Lemur_Pro.

Offline

Board footer

Powered by FluxBB