Bug 1940060

Summary: usbguard is not able to produce audit messages if running as a service
Product: Red Hat Enterprise Linux 8 Reporter: Dalibor Pospíšil <dapospis>
Component: usbguardAssignee: Attila Lakatos <alakatos>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: high Docs Contact: Jan Fiala <jafiala>
Priority: high    
Version: 8.4CC: alakatos, dapospis, jafiala, lmiksik, rsroka, zfridric
Target Milestone: rcKeywords: Regression, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: usbguard-1.0.0-2.el8 Doc Type: Bug Fix
Doc Text:
.USBGuard now can send Audit messages As part of service hardening, the capabilities of `usbguard.service` were limited while the `CAP_AUDIT_WRITE` capability was missing. As a consequence, `usbguard` running as a system service could not send Audit events. With this update, the service configuration has been updated, and as a result, USBGuard can send Audit messages.
 Story Points: ---
Clone Of:
: 1940510 1982105 (view as bug list) Environment:
Last Closed: 2021-05-18 16:12:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1940510, 1982105    

Description Dalibor Pospíšil 2021-03-17 14:22:00 UTC 
Description of problem:
usbguard is not able to produce audit messages if running as a service because the unit file does not define CAP_AUDIT_WRITE capability for the daemon.

Version-Release number of selected component (if applicable):
usbguard-0.7.8-5.el8
usbguard-1.0.0-1.el8

How reproducible:
100%

Steps to Reproduce:
1. set AuditBackend=LinuxAudit
2. start the service
3. check presence of the USER_DEVICE messages using ausearch

Actual results:
no audit messages

Expected results:
USER_DEVICE messages are issued

Additional info:
this is also required to fulfill CC requirements
Comment 26 errata-xmlrpc 2021-05-18 16:12:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (usbguard bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1931