|Summary:||LSPP: Add audit rule bit operators patch|
|Product:||Red Hat Enterprise Linux 5||Reporter:||Steve Grubb <sgrubb>|
|Component:||audit||Assignee:||Steve Grubb <sgrubb>|
|Status:||CLOSED ERRATA||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||RHBA-2007-0602||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-11-07 17:03:24 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||232967|
Description Steve Grubb 2007-03-20 20:01:33 UTC
+++ This bug was initially created as a clone of Bug #232967 +++ Description of problem: There is not good way to audit syscalls that have bit mapped options. A patch was sent to the linux-audit mail list adding this capability. This is not strictly required for LSPP, but helps customers. This bz is to track the user space piece of it.
Comment 2 Steve Grubb 2007-03-21 00:48:05 UTC
The patch introduces the mask and bit test operators for creating audit rules. For example, if you wanted to audit chmod syscalls that change a file to be executable, with this patch applied you would do this: auditctl -a always,entry -S chmod -F arg1&0111 As its is now, you would have to audit all chmods and search for the ones that have the execute bit set...this is wasteful to say the least. audit-1.5.1 already has this capability, this is a backport.
Comment 4 Eric Paris 2007-03-26 20:39:33 UTC
Stated not required for evaluation. Steve, can we remove the LSPP whiteboard mark so it doesn't come up on list and won't be considered a blocker?
Comment 5 Steve Grubb 2007-03-27 21:25:28 UTC
The lspp.70 kernel tests good with the patch included.
Comment 9 errata-xmlrpc 2007-11-07 17:03:24 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0602.html