Bug 29024 - [Anolis 23.4][RV]auditd服务无法启动
Summary: [Anolis 23.4][RV]auditd服务无法启动
Status: NEW
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 23.4
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: winterddd
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords: Function
Depends on:
Blocks:
 
Reported: 2026-01-04 14:12 UTC by yunmeng365524
Modified: 2026-01-04 14:12 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description yunmeng365524 2026-01-04 14:12:06 UTC 
Description of problem:
auditd服务无法启动

Version-Release number of selected component (if applicable):
[root@localhost anolis-pkg-tests]# cat /etc/os-release 
NAME="Anolis OS"
VERSION="23.4"
ID="anolis"
VERSION_ID="23.4"
PLATFORM_ID="platform:an23"
PRETTY_NAME="Anolis OS 23.4"
ANSI_COLOR="0;31"
HOME_URL="https://openanolis.cn/"
BUG_REPORT_URL="https://bugzilla.openanolis.cn/"

[root@localhost anolis-pkg-tests]# 
[root@localhost anolis-pkg-tests]# uname -a
Linux localhost.localdomain 6.6.102-5.2.1_rc1.an23.riscv64 #1 SMP PREEMPT_DYNAMIC Tue Dec 16 23:39:37 EST 2025 riscv64 riscv64 riscv64 GNU/Linux
[root@localhost anolis-pkg-tests]# cat /proc/cmdline 
BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.6.102-5.2.1_rc1.an23.riscv64 root=/dev/mapper/ao_izbp15ivemmefx8binqhwlz-root ro crashkernel=auto rd.lvm.lv=ao_izbp15ivemmefx8binqhwlz/root rd.lvm.lv=ao_izbp15ivemmefx8binqhwlz/swap selinux=0 console=ttyS0,115200n8 audit=0
[root@localhost anolis-pkg-tests]# 


How reproducible:

启动auditd服务后下发规则失败
[root@localhost anolis-pkg-tests]# systemctl start auditd
[root@localhost anolis-pkg-tests]# auditctl -w /bin/mkdir -p x -k module_insertion
Error - audit support not in kernel
Cannot open netlink audit socket

查看auditd服务,实际无法启动:
[root@localhost anolis-pkg-tests]# systemctl start auditd
[root@localhost anolis-pkg-tests]# echo $?    # 这里如果启动失败,不应该返回值是0
0
[root@localhost anolis-pkg-tests]# systemctl status auditd
○ auditd.service - Security Audit Logging Service
     Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; preset: disabled)
     Active: inactive (dead)
  Condition: start condition unmet at Sun 2026-01-04 14:07:14 CST; 13s ago
             └─ ConditionKernelCommandLine=!audit=0 was not met
       Docs: man:auditd(8)
             https://github.com/linux-audit/audit-documentation

Dec 23 21:56:55 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Dec 23 22:20:25 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Dec 23 22:27:01 localhost.localdomain systemd[1]: auditd.service - Security Audit Logging Service was skipped because of an unmet condition check (ConditionKernelCommandLine=!audit=0).
Dec 23 22:27:30 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Dec 23 22:35:11 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Dec 23 22:35:37 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Dec 25 11:04:51 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Jan 04 11:40:48 localhost.localdomain systemd[1]: /usr/lib/systemd/system/auditd.service:30: PIDFile= references a path below legacy directory /var/run/, updating /var/run/audi
td.pid → /run/auditd.pid; please update the unit file accordingly.
Jan 04 14:05:44 localhost.localdomain systemd[1]: auditd.service - Security Audit Logging Service was skipped because of an unmet condition check (ConditionKernelCommandLine=!audit=0).
Jan 04 14:07:14 localhost.localdomain systemd[1]: auditd.service - Security Audit Logging Service was skipped because of an unmet condition check (ConditionKernelCommandLine=!audit=0).
[root@localhost anolis-pkg-tests]# 

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info: