Bug 158011

Summary: audit log has "type=(null) msg=(null)"
Product: [Fedora] Fedora Reporter: Thomas J. Baker <tjb>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: notting
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-18 18:57:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Thomas J. Baker 2005-05-17 19:29:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
Not sure what this should be filed against but...

Clean install of fc4t3 + rawhide updates as of 5/16/2005 on an 64 bit smp xeon system. I get messages in my /var/log/audit/audit.log like this:

type=(null) msg=(null)
type=(null) msg=(null)
type=(null) msg=(null)
type=(null) msg=(null)
type=(null) msg=(null)
type=(null) msg=(null)
type=(null) msg=(null)

I've tried relabling but that hasn't fixed it. I know I can trigger the above messages just by trying to start dovecot from the /etc/init.d/dovecot script. (Strangely, if I just run 'dovecot' as root, it starts.)

Version-Release number of selected component (if applicable):
kernel-smp-2.6.11-1.1305_FC4, selinux-policy-targeted-1.23.14-2

How reproducible:

Steps to Reproduce:
1. install dovecot
2. try to start it

Actual Results:  Null error messages in /var/log/audit/audit.log

Expected Results:  meaningful audit messages?

Additional info:

Comment 1 Thomas J. Baker 2005-05-17 19:56:59 UTC
May 17th updates don't fix it either. (I thought maybe the libsepol updates
might have helped.)

Comment 2 Steve Grubb 2005-05-18 11:55:44 UTC
This is a known issue. The kernel has message types that the audit system didn't
understand. audit 0.8.1 was put into the build system yesterday to fix this.
Please upgrade to it when its available. If you want to build the package
yourself, you can find it at people.redhat.com/sgrubb/audit. Hope this helps.

Comment 3 Thomas J. Baker 2005-05-18 18:56:34 UTC
It missed today's rawhide so I rebuilt it myself and it works. Thanks.

Comment 4 Steve Grubb 2005-05-18 21:24:18 UTC
*** Bug 158130 has been marked as a duplicate of this bug. ***