Bug 709345

Summary: /sbin/auditctl -l returns 0 even if it fails due to dropped capabilities
Product: Red Hat Enterprise Linux 6 Reporter: Eduard Benes <ebenes>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: jwest, omoris
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: audit-2.1.3-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 13:20:08 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 584498, 730904, 846801, 846802    

Description Eduard Benes 2011-05-31 08:47:14 EDT
Description of problem:
auditctl -l returns 0 even if it fails due to dropperd capabilities.

Version-Release number of selected component (if applicable):
audit-2.1-5.el6

How reproducible:
always

Steps to Reproduce:
# capsh --drop=cap_dac_override,cap_audit_control --
# auditctl -l 
Error sending rule list data request (Operation not permitted)
# echo $?
0
  
Actual results:
Returns 0 even if the operation is not permitted

Expected results:
Non-zero value if the operation is not permitted

Additional info:
# auditctl -D
Error sending rule list data request (Operation not permitted)
# echo $?
255
# auditctl -a exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending add rule data request (Operation not permitted)
# echo $?
255
# auditctl -d exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending delete rule data request (Operation not permitted)
# echo $?
255
Comment 1 Steve Grubb 2011-06-01 14:25:35 EDT
Fixed in upstream commit:
https://fedorahosted.org/audit/changeset/539
Comment 4 RHEL Product and Program Management 2011-08-04 16:30:08 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 5 Steve Grubb 2011-08-15 16:50:41 EDT
This was addressed in audit-2.1.3-1.el6
Comment 9 errata-xmlrpc 2011-12-06 13:20:08 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1739.html