Your message dated Wed, 20 Aug 2025 18:29:35 +0100
with message-id 
<CAMw=znsqtntrqj6pfkjczbcl0vtafqivy7op4g6sy1o3sdv...@mail.gmail.com>
and subject line 1110997-done
has caused the Debian Bug report #1110997,
regarding postfix: Log audit spam about unconfined syscall 428 (open_tree)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1110997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110997
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 3.10.3-2
Severity: normal

Hi!

On a system with postfix and systemd, I started to get audit log spam
after I upgraded systemd earlier today to version 258~rc2-2.

The message that repeats every minute (I think), reads like this:

  ,---
  audit: type=1326 audit(1755082451.348:443): auid=4294967295 uid=0 gid=136 ses=4294967295 subj=unconfined pid=1436139 comm="pickup" exe="/usr/lib/postfix/sbin/pickup" sig=31 arch=c000003e syscall=428 compat=0 ip=0x7f32deee0747 code=0x80000000
  `---

The syscall 428 on Linux amd64 is open_tree, so adding that to the
systemd service file in SystemCallFilter:

  SystemCallFilter=@system-service @setuid chroot open_tree

appears to fix the issue. Although I'm not sure whether this is
something that started with the new systemd upload or was a
pre-existing problem (perhaps even affecting Debian trixie?).

Thanks,
Guillem

--- End Message ---
--- Begin Message ---
Control: fixed -1 258~rc3-1

--- End Message ---
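
The decoding step from the report above, as an added example (not part of the original messages or of the Debian packaging): it parses the kernel's type=1326 (seccomp) audit record, resolves the arch and syscall number to names, and appends the name to a SystemCallFilter= line. The syscall table is a short excerpt, the function names are illustrative, and the record is the one quoted in the report joined onto one line.

```python
import re

# Constructed from the record quoted in the report, joined onto one line.
RECORD = ('audit: type=1326 audit(1755082451.348:443): auid=4294967295 uid=0 '
          'gid=136 ses=4294967295 subj=unconfined pid=1436139 comm="pickup" '
          'exe="/usr/lib/postfix/sbin/pickup" sig=31 arch=c000003e syscall=428 '
          'compat=0 ip=0x7f32deee0747 code=0x80000000')

AUDIT_SECCOMP = 1326                     # audit record type for seccomp events
ARCHES = {0xC000003E: "x86_64"}          # AUDIT_ARCH_X86_64
# Excerpt of the x86_64 syscall table; use ausyscall(8) for the full mapping.
SYSCALLS = {("x86_64", 428): "open_tree", ("x86_64", 429): "move_mount",
            ("x86_64", 430): "fsopen", ("x86_64", 435): "clone3"}
# Action part of the seccomp filter return value (linux/seccomp.h).
ACTIONS = {0x80000000: "kill_process", 0x00000000: "kill_thread",
           0x00030000: "trap", 0x00050000: "errno", 0x7FFC0000: "log"}


def parse_seccomp(line):
    """Decode a type=1326 audit record; return None for any other line."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    fields = {key: value.strip('"') for key, value in pairs}
    if fields.get("type") != str(AUDIT_SECCOMP):
        return None
    arch = ARCHES.get(int(fields["arch"], 16), "unknown")
    nr = int(fields["syscall"])
    code = int(fields["code"], 16)
    return {"exe": fields["exe"], "comm": fields["comm"], "arch": arch,
            # Unknown numbers are kept as "#<nr>" so they are never guessed.
            "syscall": SYSCALLS.get((arch, nr), f"#{nr}"),
            "action": ACTIONS.get(code & 0xFFFF0000, hex(code)),
            "signal": int(fields["sig"])}


def amend_filter(filter_line, syscall):
    """Append syscall to a SystemCallFilter= line unless already listed."""
    key, _, value = filter_line.partition("=")
    names = value.split()
    if syscall.startswith("#") or syscall in names:
        return filter_line               # unresolved or already allowed
    return f"{key}={' '.join(names + [syscall])}"
```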
