"Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

20 views
Skip to first unread message

Marcus Linsner

unread,
Aug 22, 2018, 5:08:44 PM8/22/18
to qubes-users
"Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) temperatures in the panel. (eg. RMB on panel, Panel->Add New Items...->Search: ->Sensor plugin)

Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 second, however this means it would generate 2 dmesg audit messages every second AND they are flushed to the disk(judging by the case HDD led flashing).

[ 93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 uid=1000 auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'
[ 93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'


Is there some way to turn these off? if not all the audit messages.

Marcus Linsner

unread,
Feb 6, 2019, 11:59:56 AM2/6/19
to qubes-users

audit=0 in /proc/cmdline did it
that is, for me,
sudo vim /boot/efi/EFI/qubes/xen.cfg
and add it at the end of lines like:

kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 log_buf_len=16M printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on mminit_loglevel=0 memory_corruption_check=1 fbcon=scrollback:4096k fbcon=font:ProFont6x11 net.ifnames=1 pax_sanitize_slab=full console=tty1 earlyprintk=vga systemd.log_target=kmsg systemd.journald.forward_to_console=1 udev.children-max=1256 rd.udev.children-max=1256 rhgb sysrq_always_enabled random.trust_cpu=off audit=0

however now I've:
[11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q /dev/sda' with root privileges on behalf of 'ctor'
as a spam, every second.

I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set it now via:
sudo chmod u+s /usr/sbin/hddtemp

the spam still happens, but maybe a reboot is in order, unless xfce4-sensors-plugin is calling userhelper itself?

[ctor@dom0 ~]$ rpm -qf `which userhelper`
usermode-1.111-8.fc24.x86_64

I'll go reboot, if it works I won't post again, otherwise I'll keep trying to find a way to get rid of this spam.

Marcus Linsner

unread,
Feb 6, 2019, 12:25:23 PM2/6/19
to qubes-users

suid+reboot didn't work, but looks like I've encountered this before here: https://groups.google.com/d/msg/qubes-devel/NfVQi0HXWEY/uiw23yq2CgAJ
and it is a loglevel 15 message
<15>[ 87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q /dev/sda' with root privileges on behalf of 'ctor'

so, in the worst case all I have to do is find out how to tell systemd/journald to not store it, which frankly I've no idea how, since it only accepts 0-7 numbers according to man journald.conf for MaxLevelStore=
and yet that level 15 message still lands in journalctl -b 0
but perhaps other forwarding settings are in effect which make it so.

MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, MaxLevelWall=
Controls the maximum log level of messages that are stored on disk, forwarded to syslog, kmsg, the console or wall (if that is enabled, see above).
As argument, takes one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", or integer values in the range of 0-7
(corresponding to the same levels). Messages equal or below the log level specified are stored/forwarded, messages above are dropped. Defaults to
"debug" for MaxLevelStore= and MaxLevelSyslog=, to ensure that the all messages are written to disk and forwarded to syslog. Defaults to "notice"
for MaxLevelKMsg=, "info" for MaxLevelConsole=, and "emerg" for MaxLevelWall=.

So, since 'debug' is 7, it stands to reason that a level 15 message won't be seen, unless ... I'm missing something.

Marcus Linsner

unread,
Feb 6, 2019, 1:49:06 PM2/6/19
to qubes-users

ok, that message is log level 5 aka notice
https://pagure.io/usermode/blob/a501560b8f25e9ddc1a3213a1f865564e5a9a34c/f/userhelper.c#_1943

and it can't be disabled! unless I tell journald.conf to maxlevel warning which would waste a lot of log messages and is unacceptable...

so the only thing left is to remove the file that hddtemp package added into /etc/pam.d/ (named: hddtemp)
and set hddtemp as suid root(as I already did above)
(all of this in dom0)
ok, apparently that's not good enough, because for some reason it's asking for a password when xfce4-sensors-plugin is trying to execute it! But it works when I'm executing it as my user, without asking for a password.

Maybe it just needs a restart.

Marcus Linsner

unread,
Feb 6, 2019, 2:04:53 PM2/6/19
to qubes-users

wow, my bad:
i completely failed to realize that xfce4-sensors-plugin was executing /usr/bin/hddtemp which was a symlink to consolehelper:
lrwxrwxrwx. 1 root root 13 Feb 4 2016 /usr/bin/hddtemp -> consolehelper

so I had to overwrite it:
[ctor@dom0 ~]$ sudo ln -rsf /usr/sbin/hddtemp /usr/bin/hddtemp
now:
lrwxrwxrwx 1 root root 15 Feb 6 19:54 /usr/bin/hddtemp -> ../sbin/hddtemp

so it works now.

//To summarize:
//ok, i can't find a working way to 'reinstall' hddtemp, so gave up on summary

Reply all
Reply to author
Forward
0 new messages