Ubuntu 22.04 / MASQ is spamming audit log
under review
G
Gravitationskollaps
Running MASQ 0.9.6 on Ubuntu 22.04. I have installed a fresh Ubuntu virtual maschine with vmware and installed the MASQ snap. While the MASQ application is running, the journald is getting spammed with audit messages.
Ubuntu-2204-Test:~$ sudo journalctl -f --system
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947871): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13122 comm="VizCompositorTh" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f5692f769ef code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947872): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13122 comm="VizCompositorTh" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5692f76aae code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947873): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Chrome_ChildIOT" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=47 compat=0 ip=0x78eaa5ea29ef code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947874): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Chrome_ChildIOT" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=202 compat=0 ip=0x78eaa5e0dfa0 code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947875): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Chrome_ChildIOT" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=232 compat=0 ip=0x78eaa5ea0fde code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947876): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Chrome_ChildIOT" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=232 compat=0 ip=0x78eaa5ea0fde code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947877): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Chrome_ChildIOT" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=232 compat=0 ip=0x78eaa5ea0fde code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947878): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13106 comm="Compositor" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=202 compat=0 ip=0x78eaa5e0c3b7 code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947879): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13122 comm="VizCompositorTh" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f5692f769ef code=0x7ffc0000
août 03 15:14:24 Ubuntu-2204-Test kernel: audit: type=1326 audit(1722690864.750:41947880): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.masq.masq pid=13122 comm="VizCompositorTh" exe="/snap/masq/x1/build/app/masq" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f5692f67d7f code=0x7ffc0000
août 03 15:14:29 Ubuntu-2204-Test kernel: kauditd_printk_skb: 35752 callbacks suppressed
I guess there is should be some kind of rule or policy which should be customized for MASQ and delivered with the snap package to prevent the application from spamming the log.
To get a feeling how much data is written by the MASQ process, I have used iotop for about 3 minutes and as you can see in the attached screenshot there was written more than 4 MB to journald (there is nothing else running except for MASQ) and the MASQ process itself has written more than 90 MB.
KauriHero
under review
G
Gravitationskollaps
If I just start the MASQ processes manually without snap, it is working as expected without any disk activity.
In one terminal:
sudo /snap/masq/x1/MASQNode --initialization
In another terminal:
/snap/masq/x1/build/app/masq
Seems to be related to snap.