Bug 439810
| Summary: | [RHEL5 U2] dbus: Can't send to audit system: USER_AVC avc: | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeff Burke <jburke> |
| Component: | dbus | Assignee: | David Zeuthen <davidz> |
| Status: | CLOSED ERRATA | QA Contact: | desktop-bugs <desktop-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | low | | |
| Version: | 5.2 | CC: | eparis, mclasen, mpoole, sgrubb |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://rhts.redhat.com/testlogs/18719/65692/558731/messages | | |
| Whiteboard: | | | |
| Fixed In Version: | RHBA-2008-0458 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2008-05-21 16:44:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Jeff Burke
2008-03-31 15:20:17 UTC
David, do you have enough information to continue? I spoke with Steve Grubb on this issue. He had told me that this issue was fixed and it is now back again. Jeff

> Do you have enough information to continue? I spoke with Steve Grubb on this
> issue. He had told me that this issue was fixed and it is now back again.

Maybe Steve assumed it was fixed in Fedora but not in RHEL? Looking through the changelog, the last change related to audit/SELinux was in the fall of 2006. So I don't think the fix was removed.

Either way, I assume it's about applying a patch to D-Bus. Steve, is it possible you can elaborate exactly what patch is needed?

David, Dan added a patch in 1.1.2-5.fc8 to not attempt logging policy reloads if it's the user's session bus since it does not have the necessary capabilities. Only the system bus should log audit messages.

A clarification: Dan's patch should have taken care of any AVC and not just policy reloads - which is the most common.

Yeah, that's what I remember. Just to be 100% clear, we're talking about this patch, right? http://cvs.fedoraproject.org/viewcvs/rpms/dbus/F-8/dbus-1.1.2-audit-user.patch?rev=1.1&view=auto Thanks.

Yes, but that patch depends on a little supporting code, too. The we_were_root variable is not in 1.0. I think if you add the code involving it, you have the complete fix.

(In reply to comment #8)
> Yes, but that patch depends on a little supporting code, too. The we_were_root
> variable is not in 1.0. I think if you add the code involving it, you have the
> complete fix.

Is it possible you or someone with a detailed understanding of this can provide a patch that will apply and will work? I'm a bit scared that I will get it wrong; I'm not well-versed in this area of the dbus code.

Created attachment 302331
session patch to send syslog message instead of audit message

I believe this is a far more critical error than first reported. I am now seeing that dbus cannot send audit logs even from the system bus, which could potentially break CAPP requirements. dbus is dropping privs to CAP_AUDIT_WRITE but the kernel seems to be blocking the audit messages.

Thanks for the patch. I'm adding the devack flag and will build new packages once all the ACKs are in place.

*** Bug 280561 has been marked as a duplicate of this bug. ***

Created attachment 302512
Fixed patch

This patch corrects both the userspace sending messages to /var/log/messages instead of audit and allows system space to send audit messages.

This patch is now in dbus-1.0.0-7.el5 http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1272598 Thanks.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0458.html
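
The routing rule discussed in this report (a session bus without audit capability logs AVC messages to syslog, a system bus holding CAP_AUDIT_WRITE logs them to audit) can be sketched as a capability check. This is an added example, not the attached patch or D-Bus code: the function names and sample status text are constructed, and reading CapEff from /proc/<pid>/status is an assumption made for illustration, whereas the patch discussed above relies on a we_were_root variable.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_AUDIT_WRITE_BIT 29 /* value of CAP_AUDIT_WRITE in <linux/capability.h> */

enum avc_sink { SINK_SYSLOG = 0, SINK_AUDIT = 1 };

/* Find the "CapEff:" line in /proc/<pid>/status text and parse its hex mask.
 * Returns 0 on success, -1 if the line is missing or carries no hex value. */
static int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t')
                v++;                      /* stay on this line only */
            if (!isxdigit((unsigned char)*v))
                return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');              /* advance to the next line */
        if (p)
            p++;
    }
    return -1;
}

/* Use the audit sink only when CAP_AUDIT_WRITE is demonstrably in the
 * effective set; anything unknown or malformed falls back to syslog. */
static enum avc_sink choose_avc_sink(const char *status)
{
    unsigned long long eff;
    if (parse_cap_eff(status, &eff) != 0)
        return SINK_SYSLOG;
    return ((eff >> CAP_AUDIT_WRITE_BIT) & 1ULL) ? SINK_AUDIT : SINK_SYSLOG;
}

int main(void)
{
    /* Constructed samples: a session bus with no capabilities and a
     * system bus that kept only CAP_AUDIT_WRITE after dropping privileges. */
    const char *session_bus = "Name:\tdbus-daemon\nCapEff:\t0000000000000000\n";
    const char *system_bus  = "Name:\tdbus-daemon\nCapEff:\t0000000020000000\n";
    printf("session bus -> %s\n", choose_avc_sink(session_bus) ? "audit" : "syslog");
    printf("system bus  -> %s\n", choose_avc_sink(system_bus) ? "audit" : "syslog");
    return 0;
}
```
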