#1 2017-03-13 20:51:00

bl4ck5un
Member
Registered: 2015-01-28
Posts: 16

audit prevents systemd-modules-load from working

I'm noticing this weird issue after a recent kernel update. The issue is: `systemd-modules-load` fails at boot, turning the systemd boot screen yellow and red, but the system has no problem proceeding whatsoever. I traced the issue down to the following log:

    Mar 13 16:24:25 localhost.localdomain kernel: audit: type=1130 audit(1489436665.940:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
    Mar 13 16:24:25 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
    Mar 13 16:24:25 localhost.localdomain systemd-modules-load[227]: Failed to find module 'vboxdrv'
    Mar 13 16:24:25 localhost.localdomain systemd-modules-load[227]: Failed to find module 'vboxnetflt'
    Mar 13 16:24:25 localhost.localdomain systemd-modules-load[227]: Failed to find module 'vboxnetadp'
    Mar 13 16:24:25 localhost.localdomain systemd-modules-load[227]: Failed to find module 'vboxpci'
    Mar 13 16:24:30 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
    Mar 13 16:24:30 localhost.localdomain systemd-modules-load[538]: Inserted module 'vboxdrv'
    Mar 13 16:24:30 localhost.localdomain systemd-modules-load[538]: Inserted module 'vboxnetflt'
    Mar 13 16:24:30 localhost.localdomain systemd-modules-load[538]: Inserted module 'vboxnetadp'
    Mar 13 16:24:30 localhost.localdomain systemd-modules-load[538]: Inserted module 'vboxpci'

Note the difference in those two `audit` messages. The only difference is `subj=kernel` vs `subj=system_u:system_r:init_t:s0`. So it seems to me to be a misconfiguration of some audit service. I don't know exactly who is auditing, so I disabled both SELinux and auditd.service. But the issue remains. Any ideas?
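Added example (not part of the original post): a small Python parser that flattens the two `SERVICE_START` audit records quoted above, including the fields nested in `msg='...'`, and lists every field that differs between them. Pairing audit records with service messages by identical timestamp and unit name is an assumption made for this sample, and the helper names are hypothetical.

```python
import re
import shlex

# Log lines copied from the post above (one module message kept per start attempt).
LOG = """\
Mar 13 16:24:25 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mar 13 16:24:25 localhost.localdomain systemd-modules-load[227]: Failed to find module 'vboxdrv'
Mar 13 16:24:30 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 13 16:24:30 localhost.localdomain systemd-modules-load[538]: Inserted module 'vboxdrv'
"""

# timestamp, host, syslog identifier, pid, payload
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) ([^\[:]+)\[(\d+)\]: (.*)$")

def kv(text):
    """Split space-separated key=value tokens, honouring quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(text) if "=" in tok)

def parse_audit(payload):
    """Flatten an audit record: outer fields plus the fields nested in msg='...'."""
    rec_type, _, rest = payload.partition(" ")
    outer = kv(rest)
    inner = kv(outer.pop("msg", ""))
    return {"type": rec_type, **outer, **inner}

def timeline(log):
    """Return (audit records, service messages keyed by (timestamp, identifier))."""
    audits, messages = [], {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, _host, ident, _pid, payload = m.groups()
        if ident == "audit":
            audits.append({"ts": ts, **parse_audit(payload)})
        else:
            messages.setdefault((ts, ident), []).append(payload)
    return audits, messages

def diff_records(a, b):
    """Fields whose values differ between two parsed audit records."""
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    audits, messages = timeline(LOG)
    for rec in audits:
        # Assumption: same timestamp and identifier == unit name means same start attempt.
        print(rec["ts"], rec["unit"], rec["subj"], rec["res"], messages.get((rec["ts"], rec["unit"]), []))
    print(diff_records(audits[0], audits[1]))
```
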
