Bug 224080

Summary: LSPP: audit does not log obj label for mq_timedreceive/mq_timedsend
Product: Red Hat Enterprise Linux 5 Reporter: Amy Griffis <amy.griffis>
Component: kernelAssignee: Eric Paris <eparis>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: iboverma, klaus, krisw, linda.knippers, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-02-19 17:27:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 224041    
Attachments:
Description Flags
Untested patch against lspp.63 kernel. none

Description Amy Griffis 2007-01-23 22:57:59 UTC 
Description of problem:

Audit does not log an obj label for the message queue for the mq_timedreceive
and mq_timedsend syscalls. Because MLS checks are performed for these
operations, audit must log the obj label in order to meet LSPP cert requirements.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. create a message queue with mq_open()
2. auditctl -a exit,always -S mq_timedsend
3. open the message queue with mq_open()
4. send a message via mq_timedsend()
  
Actual results:

type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 a1=4008f6 a2=b a3=1 items=0 ppid=3332 pid=29124 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
comm="do_mq_timedsend"
exe="/usr/local/eal4_testing/do_mq_timedsend"
subj=staff_u:lspp_test_r:lspp_harness_t:s15 key=(null)
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0

Expected results:

Expect some additional records, e.g.:

type=CWD msg=audit(1169592467.169:78417): cwd="/usr/local/eal4_testing"
type=PATH msg=audit(1169592467.169:78417): item=1 name=(null) inode=168458
dev=00:0d mode=0100700 ouid=0 ogid=0 rdev=00:00
obj=staff_u:object_r:lspp_test_generic_tmpfs_t:s15:c0.c1023

Additional info:
Comment 1 Amy Griffis 2007-01-23 23:46:56 UTC 
Created attachment 146378 [details]
Untested patch against lspp.63 kernel.
Comment 2 Irina Boverman 2007-01-24 16:05:28 UTC 
This is needed for LSPP certification.
Comment 3 Amy Griffis 2007-01-31 18:17:23 UTC 
I've just had a conversation with our evaluator, and he clarified that this is
not needed for LSPP certification after all. Bug #223919 is still needed.
Comment 4 Irina Boverman 2007-02-02 20:08:30 UTC 
I will remove it from the tracker (224041).
Comment 6 Steve Grubb 2007-02-02 20:26:29 UTC 
Please leave this in the tracker and 5.1
Comment 7 Irina Boverman 2007-02-02 20:46:46 UTC 
Ok, leaving it in the tracker and 5.1.
Comment 8 Irina Boverman 2007-02-14 20:53:41 UTC 
per 2/12 discussion, Amy is reworking this patch and will make it available for
review shortly.
Comment 9 Eric Paris 2007-02-19 17:27:45 UTC 
Since the patches for this and 223919 have been rolled together upstream I am
going to close this bug as a dup of 223919 and will add a notice there that the
testing footprint of 223919 should be made large enough to cover this as well.

*** This bug has been marked as a duplicate of 223919 ***