Bug 1662516
Summary: | Problem with script 31-privileged.rules | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexander W. Janssen <alexander.janssen> | ||||
Component: | audit | Assignee: | Steve Grubb <sgrubb> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 29 | CC: | alexander.janssen, sgrubb | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-01-03 16:22:42 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Thanks for pointing this out. Fix in upstream commit 7c03224. I am going to close this bz report. Thanks for pointing out the problem. A fix will be in the next release. If you see any other problems, please let me know. |
Created attachment 1517324 [details] Patch to fix 31-privileged.rules Description of problem: The provided script /usr/share/doc/audit/rules/31-privileged.rules which is used to generate system-specific rules contains errors while awk is generating a rule by parsing the output of filecap. Version-Release number of selected component (if applicable): audit-3.0-0.5.20181218gitbdb72c0.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Pick on of the filecap commands from 31-privileged.rules and run 2. Observe that -F path=$x is not the path, but the string "effective"/"permitted" (etc) Actual results: The following example statement is being used, resulting in an invalid audit rule: # filecap /usr/bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $1 }' | head -1 -a always,exit -F path=effective -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged Expected results: # filecap /usr/bin 2>/dev/null | sed '1d' | awk '{ printf "-a always,exit -F path=%s -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged\n", $2 }' | head -1 -a always,exit -F path=/usr/bin/dumpcap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged Additional info: The provided mini-patch, which simply replaces $1 by $2 for all filecap-calls fixes the problem.