Bug 697463
| Summary: | Broken autrace -r on s390x | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Eduard Benes <ebenes> | ||||
| Component: | audit | Assignee: | Steve Grubb <sgrubb> | ||||
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 6.1 | ||||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | s390x | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | audit-2.1-4.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: |
previously, the "autrace -r" command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned:
Error inserting audit rule for pid=13163
With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-05-19 13:55:43 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 584498, 682670, 846801, 846802 | ||||||
| Attachments: |
|
||||||
Fixed upstream in this commit: https://fedorahosted.org/audit/changeset/518 audit-2.1-4.el6 was built to resolve this problem. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0653.html |
Created attachment 492856 [details] strace output of autrace -r /bin/ls on s390x Description of problem: Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage. Version-Release number of selected component (if applicable): audit-2.1-3.el6.s390x # uname -a Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux How reproducible: always Steps to Reproduce: 1. # autrace -r /bin/ls 2. 3. Actual results: [root@auto-s390-002 ~]# autrace -r /bin/ls Error inserting audit rule for pid=13163 Expected results: Something like this # autrace -r /bin/ls Waiting to execute: /bin/ls ... Cleaning up... Trace complete. You can locate the records with 'ausearch -i -p 30207' Additional info: Works as expected without the resource usage mode # autrace /bin/ls /tmp ... Cleaning up... Trace complete. You can locate the records with 'ausearch -i -p 13192'