Bug 130180
Summary: | Audit option to disable auditing of 32b processes on ia64 platforms | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Peter Martuccelli <peterm> |
Component: | kernel | Assignee: | Peter Martuccelli <peterm> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 3.0 | CC: | jbaron, petrides, riel |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | | |
Hardware: | ia64 | | |
OS: | Linux | | |
Fixed In Version: | | Doc Type: | Enhancement |
Last Closed: | 2004-12-20 20:55:55 UTC | Type: | --- |
Description
Peter Martuccelli
2004-08-17 19:03:34 UTC
A clarification - the requirement for the evaluation is that there needs to be an interface to disable *execution* of 32bit binaries on ia64 in the evaluated configuration. This is intended to be a runtime switch in /proc/sys/dev/audit/ with 32bit execution being enabled by default.

The reason for this change is that the audit code on the ia64 platform has several known issues which prevent correct auditing of system calls made by 32bit binaries. Having a system call interface available which would let users bypass the audit subsystem would be unacceptable for the evaluation.

Patches to fix most of the known issues are available, but the resources to properly verify the correctness of the audit records to EAL3 requirements are not, so the 32bit mode must be disabled for the evaluated configuration for processes that would need to be audited.

Note that the sysadmin can configure unaudited processes (i.e. a database running as a daemon service) that can then still run in 32bit mode in the evaluated configuration. Also, the evaluated configuration only needs the *capability* to provide reliable audit, but the admin is permitted to disable audit completely while remaining in an evaluated configuration.

A fix for this problem has just been committed to the RHEL3 U4 patch pool this evening (in kernel version 2.4.21-20.6.EL).

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-550.html