Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

could not open either /var/log/audit/audit.log #2458

Closed
tugytur opened this issue Nov 22, 2023 · 5 comments · Fixed by #2461
Closed

could not open either /var/log/audit/audit.log #2458

tugytur opened this issue Nov 22, 2023 · 5 comments · Fixed by #2461
Assignees
@mrcnski
Labels
I3-annoyance The node behaves within expectations, however this “expected behaviour” itself is at issue.

Comments

@tugytur
Copy link
Contributor

tugytur commented Nov 22, 2023

With the release polkadot 1.4.0-00395a23d12 when a validator becomes a p/v I get the following logs

2023-11-22 22:12:00 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:00 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1440
2023-11-22 22:12:00 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:00 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:02 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:02 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:05 💤 Idle (39 peers), best: #20673517 (0x172c…3e4f), finalized #20673515 (0xd810…4f52), ⬇ 2.0MiB/s ⬆ 1.5MiB/s
2023-11-22 22:12:06 ✨ Imported #20673518 (0x84ee…bf74)
2023-11-22 22:12:06 could not open either /var/log/audit/audit.log or /var/log/syslog for reading audit logs worker_pid=1383
2023-11-22 22:12:06 ✨ Imported #20673518 (0xeacd…27ac)
2023-11-22 22:12:10 💤 Idle (39 peers), best: #20673518 (0x84ee…bf74), finalized #20673515 (0xd810…4f52), ⬇ 1.5MiB/s ⬆ 2.7MiB/s

Processes are:

1383  0.2  0.0 283788 20212 ?        S    20:28   0:14 /usr/local/bin/polkadot-execute-worker execute-worker --node-impl-version 1.4.0 --socket-path /tmp/pvf-host-executeucSLBix89h --worker-dir-path /var/blockchain/data/chains/ksmcc3/db/full/pvf-artifacts/worker-dir-execute-wUmMklebcN --can-enable-landlock --can-enable-seccomp
1440  0.0  0.0 183948 17688 ?        S    20:28   0:01 /usr/local/bin/polkadot-execute-worker execute-worker --node-impl-version 1.4.0 --socket-path /tmp/pvf-host-execute72RT0gNAe0 --worker-dir-path /var/blockchain/data/chains/ksmcc3/db/full/pvf-artifacts/worker-dir-execute-JLsfDdp4tp --can-enable-landlock --can-enable-seccomp

This doesn't seem to have any performance implications and the validator is not missing any blocks.
Why does the validator process require read access to the auditd logs?
@bkchr bkchr added the I3-annoyance The node behaves within expectations, however this “expected behaviour” itself is at issue. label Nov 22, 2023
@bkchr
Copy link
Member

bkchr commented Nov 22, 2023

Why does it assumes that there exists /var/log/syslog? This is no default path that exists on Linux?

This should also for sure not be a warning.

@mrcnski
Copy link
Contributor

mrcnski commented Nov 23, 2023

Sorry. :/ It's already been fixed and the fix will be in the next release.

@bkchr
Copy link
Member

bkchr commented Nov 23, 2023

Please post the pr that fixed it and close the issue.

mrcnski added a commit that referenced this issue Nov 23, 2023
@mrcnski
PVF: remove audit log access and musl
1604f6a 
The decision has been made to move to PolkaVM for PVFs. Any additional work in
the direction of seccomp/musl would quickly become obsolete, because PVM has no
dependencies and is thus able to control all its syscalls. Indeed, it has a
seccomp allowlist of only five syscalls:

https://github.com/koute/polkavm/blob/cf4103d/crates/polkavm-zygote/src/main.rs#L476

We've determined that our other work in security is already enough to reasonably
protect validators. It doesn't make much sense to announce the requirement on
musl, make the switch, and then shortly roll it back, for marginal benefit.

So this PR removes the following:

- seccomp logging based on audit logs (required root, anyway)
- musl-specific stuff

The following is kept just to catch the addition of `io_uring` syscall, which is
currently blocked. It will be removed in the future:

- the list-syscalls script
- the syscall-check CI job

Closes #2458 (note that the
spurious warning was already fixed in a different PR)
@mrcnski mrcnski mentioned this issue Nov 23, 2023
Merged
@mrcnski
Copy link
Contributor

mrcnski commented Nov 23, 2023

@bkchr Spamming spurious warnings was fixed, but we still had some audit log access. It's being totally removed here: #2461

@bkchr
Copy link
Member

bkchr commented Nov 23, 2023

Ty for the update @mrcnski

This was referenced Dec 1, 2023
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mrcnski mrcnski

Labels
I3-annoyance The node behaves within expectations, however this “expected behaviour” itself is at issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

PVF: remove audit log access paritytech/polkadot-sdk
3 participants
@bkchr @mrcnski @tugytur