[ERROR] sudo: unable to send audit message on Synology #243
Comments
|
I would start with synology + that error message unless this is very specific to my container. have you looked at these posts? https://duckduckgo.com/?q=site%3Aforum.synology.com+Operation+not+permitted&t=ffab&ia=web Do you use volumes and if you remove them and re-create the container does this error go away? |
|
I'm getting a similar error message each time I try to press the enable button. Enable appears to work, but as soon as I refresh the page, the enable button is back. Otherwise, pi-hole appears to be working. Here are the errors that appear in the logs... sudo: unable to send audit message: Unknown error -1 |
|
Same here when I try Also having the same problems through the Web UI, where I cannot save anything. It seems like a permissions issue, but since I'm using the already built diginc pihole docker image I would expect this to work out of the box. Running this on Synology DS916+. Any help is appreciated. |
|
Hi, i got this error only with --net=host (the only way to see "Top Clients ?") but i can't save any change. |
|
Hi folks, @ShagoY the --net=host works without NAT. You can add a new network and disable ip masquerading to enable the top clients. |
|
Hi @kn0rki, i just try in docker but no result, i think i need more information, have you a guide ? |
|
Same issue. Sudo: Unable to send audit message: Unknown error -1 did somebody solve it already. i saw already multiple issues about this but still without solution. Using DS412+ with docker and Diginc/pi-hole:latest |
|
Using DS 2413+ with docker and Diginc/pi-hole:latest docker logs gave me: Additionally:
Status in web UI changes from Active to Unknown a few seconds after clicking "Enable". |
|
I have the same problem. Mapping the black.list to a file doesn't fix it. |
|
same issue here. And the admin console shows status unknown. |
|
I have the same issue. DSM 6.0.2-8451 Update 11 |
|
I tried to isolate the problem whether an image issue or Synology DSM restriction. |
|
I ended up using virtual station to spin up a debian vm which I run pihole on. |
|
@doucheymcdoucherson thanks for the suggestion, I tried virtual station but not really satisfied with the resources it consumed. I do not run an extremely powerful synology nas. |
|
I have issue 286. I think they probably could be merged. I know the webinterface uses superuser commands to update the config files. My docker image reports the following when I try to use sudo: root@pihole:/# sudo I updated /etc/hosts to include pihole as 127.0.0.1 which fixes the first error but still sudo is broken on root@pihole:/# sudo date |
|
So i am having the same problems with the latest build on a Synology NAS. So i tried installing the "debian_v3.2.1" branch. Now the settings are finally saved! The only problems here are:
(By the way debian_3.1.4 didn't work, because the webport couldn't be changed from 80) |
|
Running into the same issue with the System error/Unknown error -1. I managed to drill down to it: docker exec -it pi-hole /bin/bash
root@pi-hole:/# su
su: System error
root@pi-hole:/# sudo -i
sudo: unable to send audit message: Unknown error -1
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
root@pi-hole:/#After some hefty googling and testing this issue only seem to occur when running with --net=host not with --net=bridge. There is a thread [ |
|
@McMac Thanks for digging into this. Looking at that Docker Moby ticket, it sounds like it's an older kernel problem rather than a docker problem. Can you confirm what docker and kernel versions you have with these commands? My oldest test system I have is 3.19 (Vivid) and I've never seen this problem, so given the newest kernel mentioned in that thread is 3.17 I'd think somewhere between those two the problem was resolved. I'd suggest looking into any upgrade options Synology has for kernel and docker versions. |
|
root@DiskTiger:~# docker version Server: WARNING: No kernel memory limit support |
|
Yup "Kernel Version: 3.10.102" :( Not much I can do here for this. I searched a little about what synology allows upgrades for but it depends on the the line/model. |
|
I think that DSM 6.2 has Kernel 4.4 Xpenology with loader 1.03b now works with DSM 6.2-23739 update 2: |
No, it doesn't. My DS916+ runs on the latest DSM 6.2-23739 Update 2 and it comes with Kernel 3.10.105. |
|
So I used a brand new DSM 6.2 on a DS1513+ (never used as a Docker host before) the same message appears each time I want to enable the service: System error EDIT: the above happens when selecting Host network, and that some of the ports are not available |
|
Glad to hear it's working @mizhgan
I'll be sure to add #358 is available for review if you can think of any other cleanup command ideas please feel free to add a comment there. |
|
@diginc I can report that this version finally is working and has fixed all those problems I had! But when looking at the log, I still see the following errors, however it doesn't seem to affect anything from what I'm aware of. sudo: unable to resolve host pihole-pihole5 |
|
I've deleted the temporary test |
|
@diginc I've just re-downloaded the latest pihole/pihole:development version and it came out to be about 345MB vs 487MB from the pihole/pihole:synology version. But now, I am experiencing all the same problems as before. I can't enable it without it returning back to the yellow status light, and I can't save any settings. |
|
Hmm sorry about that, something must have gone wrong with the build. I thought the size was a little too close to latest - it should be probably ~20Mb larger |
|
@diginc just downloaded the development build and it's still the same 345MB. |
|
@diginc any idea when this the development build will be updated, it’s still showing as 345mb.
… On Nov 1, 2018, at 10:57 AM, Adam Hill ***@***.***> wrote:
Hmm sorry about that, something must have gone wrong with the build. I thought the size was a little too close to latest - it should be probably ~20Mb larger
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#243 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AkZ-eqjef_XxSUy7tKjkAk3VNVrKAVRGks5uqxoFgaJpZM4Su_3j>.
|
|
Not quite sure why you're getting the same error, I'm pretty sure the pam fix should've been included in what I pushed. Size being reduced is expected because I optimized it. Has anyone else tested When you say you have the issue again do you mean just the printed errors in the log or the actual failure of functionality? Could you test the base image?
|
|
@diginc I’m getting the exact same behaviors and errors as before. Printed errors and failure as in the status circle in pinhole dashboard is Yellow, and when I enable it, it goes back to being yellow, and my settings don’t save. Here’s a screenshot of the log
https://i.postimg.cc/SKj9BGw8/Screen-Shot-2018-11-03-at-8-36-12-PM.png <https://i.postimg.cc/SKj9BGw8/Screen-Shot-2018-11-03-at-8-36-12-PM.png>
Can you confirm that the pihole/pihole:development is 345mb? For now I’m reverting back to the pihole/pihole:synology build (487mb), that one works perfectly.
And I'm not sure what you mean by testing the base image. Where do I type those commands?
… On Nov 3, 2018, at 8:14 PM, Adam Hill ***@***.***> wrote:
Not quite sure why you're getting the same error, I'm pretty sure the pam fix should've been included in what I pushed. Size being reduced is expected because I optimized it. Has anyone else tested development to confirm if it has the fix in it or not?
When you say you have the issue again do you mean just the printed errors in the log or the actual failure of functionality?
Could you test the base image?
sudo docker run -it --rm --net=host --entrypoint=bash pihole/debian-base -c 'useradd testuser; su testuser;'
then run id
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#243 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AkZ-elYrcct5WjjwOGS3SDr7jwcXvL-eks5urj9ggaJpZM4Su_3j>.
|
|
There's something up between docker hub/cloud and actual deployment. As the image shows the latest push was 3 days ago for an image of 162 MB. But a
|
|
Strange, so how can I get the latest pihole/pihole:development? So the size of the latest version should be 162MB? |
|
That 162 MB is the size of the final layer. So the actual size on disk for the end user is the base image size plus that final layer. The dockerfile is a pretty clean build so I wouldn't expect it to be more than 300MB final size on disk. What concerns me is that the history ( |
|
I see, so is there anything that I can do on my end to get the latest version? Or do I need to wait a few days and it should update?
… On Nov 3, 2018, at 9:00 PM, Dan Schaper ***@***.***> wrote:
That 162 MB is the size of the final layer. So the actual size on disk for the end user is the base image size plus that final layer. The dockerfile is a pretty clean build so I wouldn't expect it to be more than 300MB final size on disk. What concerns me is that the history (docker history pihole/pihole:development) shows the latest modifications to be 2 months ago while it was pushed 3 days ago. The history for latest seems to be fine however.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#243 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AkZ-emC1dyjSmUY7xXgN4exw4PL7NFxlks5urkpWgaJpZM4Su_3j>.
|
|
I don't think there's anything to do on the user end. If I get a chance I'll try to build an image and push it to the hub or if diginc gets to it first. I don't think it's an automated build yet but we can check. |
|
Okay, thanks! In that case I’ll continue using the pihole/pihole:synology until the development build finally reaches the docker registry
… On Nov 3, 2018, at 10:02 PM, Dan Schaper ***@***.***> wrote:
I don't think there's anything to do on the user end. If I get a chance I'll try to build an image and push it to the hub or if diginc gets to it first. I don't think it's an automated build yet but we can check.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#243 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AkZ-ehnjjljxxApM0tcLjndZnTkBqTACks5urli0gaJpZM4Su_3j>.
|
|
Hmm I tried cleaning up the As a work around for not being able to clean up the pointer to the old image, I just made |
|
Just tried the pihole/pihole:dev by launching a new container using network host pointing at my existing config (obviously not running both in parallel - /etc/resolv.conf, /etc/pihole, /etc/dnsmasq.d) - it didn't pickup my setupVars.conf. |
|
@diginc this one is working for me. It shows up as 290MB. Running just like it did previously. Thank you!
… On Nov 4, 2018, at 1:26 AM, Adam Hill ***@***.***> wrote:
Hmm I tried cleaning up the development tag and old manifest pointers but it seemed to refuse...This makes me wonder if it's any manifest that gets updated which has an issue.
As a work around for not being able to clean up the pointer to the old image, I just made :dev image tag instead of :development which appears to have pointed to the right images.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#243 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AkZ-etumYtwH3gJLLKK5QSKYJC7wQd2Gks5urpaigaJpZM4Su_3j>.
|
|
pihole/pihole:dev worked for me as well, no more error messages and I am able to modify and save configurations, black/white lists. |
|
Which one contains the latest fix for this issue? Still :dev or is it included in the latest 4.1.1? |
|
They should both be fixed and good |
|
Thanks @diginc. Unfortunately I seem to miss something. Kept my config since Pi-Hole 3 with the volumes and configs defined in http://tonylawrence.com/post/unix/synology/running-pihole-inside-docker/ also tried fresh setup with only basic setup taken ignoring my previous setupVars.conf.
Had upgraded from 4.0 to 4.1.1. with the same config with only change of network=bridge to network=host. At least for me the docker way of keeping configs in volumes and updating binaries only isn't working. Anything I need to reset in between. What puzzles me the most is that it seems that it's only me having issues indicating the problem being between chair and keyboard. :( |
|
I am running pihole in docker on my Synology's (4 atm: 2x ds1817+ and 2x 918+). Each of them is on the newest updates for DSM, Docker and Pi-Hole. After struggling around with getting pihole setup I finally managed to get it working. One of my Diskstations had Active Directory Controlle running for test purposes. If someone has a guide to run pihole on a Synology with activated AD that would be awesome. |
|
And dont get me wrong. I really appreciate the work you are doing. I am not complaining. I try to give you input since I really think pihole is an awesome solution for ad blocking. But atm the synology docker version is not running that smooth. And there are some essential guides missing. |
|
@doNmartinez A previous comment linked to a guide for running pihole on synology, and the updated version seems rather thorough: http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/ As for this issue, could you attach a bash shell to the pihole container and provide the output of: |
|
This issue has been mentioned on Pi-hole Userspace. There might be relevant details there: |
|
i ran into the same problem, is there a solution for it ? and no statistics on the website |
and others
Hello,
i got this error on my docker logs.
sudo: unable to send audit message: Operation not permittedIf i do anything on the WebUI i got this error.
My Setup:
Can any help me?
The text was updated successfully, but these errors were encountered: