Bug 165611
Summary: | initscript shutdown, hwclock, and auditing | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Grubb <sgrubb> |
Component: | initscripts | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED WONTFIX | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Priority: | medium |
Version: | 4 | CC: | djuran, linda.knippers, lsof, ma, rvokal |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2005-10-17 18:55:28 UTC |
Bug Blocks: | 150221 | | |

Description
Steve Grubb
2005-08-10 19:49:00 UTC
How can we be sure that more of these won't come later? Is it possible for the audit system to disable printing to console on exit?

The issue is that changes to the hardware clock are an auditable event in CAPP and LSPP. We are missing that event because the clock sync occurs after the audit daemon has been terminated. There may be other audit messages that hit the screen on shutdown, but they probably aren't in the security target like hwclock adjustment. The audit daemon could do something with dmesg to quieten messages that hit the screen, but something important not related to auditing might get suppressed.

The problem is that creating a separate script *just* for syncing the clock is certainly way too much overkill; realistically, it's at the proper place now.

I was thinking this is just re-ordering what is in /etc/rc.d/init.d/halt. That's all. The reason that this needs to be done is not because of getting rid of messages to the console (although people would like that), it's about getting the sync done while the audit daemon is alive so that the event is properly recorded. All changes to hwclock are an auditable event in CAPP security targets. I have been considering adding this to U3 proposed since it's a hole in auditing right now.

Just moving it? You're implying that audit doesn't die when you shut down the service, only when the killall command in halt is run?

I spoke with Klaus of atsec about this bug report. He said that if we have not written any code at this point, not to worry about it. He feels this is in the nice to have category and can be explained away in Security Targets. So...if no code has been written, this bug report can be closed.

Hasn't been changed yet, so closing.

*** Bug 210929 has been marked as a duplicate of this bug. ***

Well it's nice that it's closed, but it looks like something is going wrong, which is why I filed bug 210929. The Fedora wiki states that all AVC messages for software installed by default are blockers, so I find it odd that this gets swept under the carpet.

*** Bug 251213 has been marked as a duplicate of this bug. ***

I have the same opinion as lsof. It should be fixed as stated in the wiki. And more than 2 years to fix a "nice to have" bug in that all users run when shutting down their system is a lot, honestly.