Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Broken autrace -r on s390x|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Eduard Benes <ebenes>|
|Component:||audit||Assignee:||Steve Grubb <sgrubb>|
|Status:||CLOSED ERRATA||QA Contact:||BaseOS QE Security Team <qe-baseos-security>|
|Fixed In Version:||audit-2.1-4.el6||Doc Type:||Bug Fix|
previously, the "autrace -r" command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned: Error inserting audit rule for pid=13163 With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
|Last Closed:||2011-05-19 09:55:43 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||682670, 584498, 846801, 846802|
Description Eduard Benes 2011-04-18 07:05:25 EDT
Created attachment 492856 [details] strace output of autrace -r /bin/ls on s390x Description of problem: Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage. Version-Release number of selected component (if applicable): audit-2.1-3.el6.s390x # uname -a Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux How reproducible: always Steps to Reproduce: 1. # autrace -r /bin/ls 2. 3. Actual results: [root@auto-s390-002 ~]# autrace -r /bin/ls Error inserting audit rule for pid=13163 Expected results: Something like this # autrace -r /bin/ls Waiting to execute: /bin/ls ... Cleaning up... Trace complete. You can locate the records with 'ausearch -i -p 30207' Additional info: Works as expected without the resource usage mode # autrace /bin/ls /tmp ... Cleaning up... Trace complete. You can locate the records with 'ausearch -i -p 13192'
Comment 1 Steve Grubb 2011-04-18 08:14:44 EDT
Fixed upstream in this commit: https://fedorahosted.org/audit/changeset/518
Comment 5 Steve Grubb 2011-04-20 11:01:30 EDT
audit-2.1-4.el6 was built to resolve this problem.
Comment 10 errata-xmlrpc 2011-05-19 09:55:43 EDT
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0653.html