Will the required patch set be backported to older kernels, such as Ubuntu
4.15.0-70.79-generic 4.15.18?

Will the patches be in 20.04 LTS (kernel >= 4.18), which is around the
corner?


NOTE:

Unfortunately with issue #1774711 the use of "auditd" has become
problematic on systems with SSDs, since systemd allows in-memory
configuration (Storage=volatile; SplitMode=none), but auditd does not
support such a complex configuration (write_logs = no; log_file =
/var/log/audit/audit.log).

That means with the excessive SECCOMP lines (i.e. tens/hundreds of
thousands a day) we cannot re-enable auditd (sudo systemctl start|enable
auditd.service) until this issue is resolved, UNLESS there is a way to
make auditd not write logs to disk but continue to function properly.
We need auditd for enforcing audit.rules (complex ISO 27001, PCI-DSS,
etc. compliant rulesets) and statistics (sudo aureport (-n)), which
require log data stored (dmesg kernel buffer is insufficient for ISO
compliant store and analysis of events and stats).

Our tests show that up to several hundred MiB of logs are written to
the SSDs per day, which accumulates to approx 0.5 TiB over the course of
4 years. With in avg. 50% of the SSD cells occupied and given the
models, this translates to a slightly increased wear-out of our SSDs,
even when a good wear-leveling algorithm and background garbage
collector is in use (our desktop models: Samsung Enterprise SSD with
super capacitor mod. SM/PM863(a)).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774711

Title:
  excessive seccomp audit logs
