Bug 1120286 - ausearch -i does not display commas between categories
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit
Version: 6.6
Hardware: All
OS: Linux
Target Milestone: rc
Assignee: Steve Grubb
QA Contact: Patrik Kis
Reported: 2014-07-16 16:01 UTC by Milos Malik
Modified: 2014-10-14 07:14 UTC

Fixed In Version: audit-2.3.7-4.el6
Doc Type: Bug Fix
Last Closed: 2014-10-14 07:14:55 UTC

System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2014:1515 | normal | SHIPPED_LIVE | audit bug fix and enhancement update | 2014-10-14 01:22:21 UTC

Description Milos Malik 2014-07-16 16:01:08 UTC
Description of problem:
 * If you run ausearch with the -i parameter, commas are not displayed:
   subj=unconfined_u:unconfined_r:sandbox_t:s0:c510 c931
 * If you run ausearch without the -i parameter, commas are displayed.

Version-Release number of selected component (if applicable):

How reproducible:

Here is an audit record from /var/log/audit/audit.log:
type=AVC msg=audit(1405523880.601:4179): avc:  denied  { read } for  pid=20157 comm="bash" name="user20200" dev=vda3 ino=144202 scontext=unconfined_u:unconfined_r:sandbox_t:s0:c304,c875 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1405523880.601:4179): arch=c000003e syscall=2 success=no exit=-13 a0=87d750 a1=401 a2=180 a3=1b items=1 ppid=20156 pid=20157 auid=508 uid=508 gid=508 euid=508 suid=508 fsuid=508 egid=508 sgid=508 fsgid=508 tty=pts2 ses=395 comm="bash" exe="/bin/bash" subj=unconfined_u:unconfined_r:sandbox_t:s0:c304,c875 key=(null)
type=CWD msg=audit(1405523880.601:4179):  cwd="/nfs/staff/user20200"
type=PATH msg=audit(1405523880.601:4179): item=0 name="/u/user20200/.bash_history" nametype=UNKNOWN

Here is the same audit record after ausearch -i processing:
type=PATH msg=audit(07/16/2014 17:18:00.601:4179) : item=0 name=/u/user20200/.bash_history nametype=UNKNOWN 
type=CWD msg=audit(07/16/2014 17:18:00.601:4179) :  cwd=/nfs/staff/user20200 
type=SYSCALL msg=audit(07/16/2014 17:18:00.601:4179) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=0x87d750 a1=O_WRONLY|O_APPEND a2=0x180 a3=0x1b items=1 ppid=20156 pid=20157 auid=unknown(508) uid=unknown(508) gid=unknown(508) euid=unknown(508) suid=unknown(508) fsuid=unknown(508) egid=unknown(508) sgid=unknown(508) fsgid=unknown(508) tty=pts2 ses=395 comm=bash exe=/bin/bash subj=unconfined_u:unconfined_r:sandbox_t:s0:c304 c875 key=(null) 
type=AVC msg=audit(07/16/2014 17:18:00.601:4179) : avc:  denied  { read } for  pid=20157 comm=bash name=user20200 dev=vda3 ino=144202 scontext=unconfined_u:unconfined_r:sandbox_t:s0:c304 c875 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=lnk_file 

Expected results:
 * commas between categories are displayed in all cases
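
For log tooling that consumes ausearch -i output from an affected audit build, the following added example (not part of the original report or of the audit project) shows how whitespace tokenization silently truncates the SELinux context and one way to repair and flag it. The function names and the shortened sample lines are constructed for illustration, and a single-level context like the one in the report is assumed.

```python
import re

# Constructed samples, shortened from the SYSCALL record quoted in the report.
RAW = 'pid=20157 comm="bash" subj=unconfined_u:unconfined_r:sandbox_t:s0:c304,c875 key=(null)'
INTERPRETED = 'pid=20157 comm=bash subj=unconfined_u:unconfined_r:sandbox_t:s0:c304 c875 key=(null)'

# Audit fields that carry an SELinux context.
CONTEXT_FIELDS = {"subj", "obj", "scontext", "tcontext"}
# Bare token shaped like an MLS category or category range (c875, c0.c1023).
CATEGORY = re.compile(r"c\d+(\.c\d+)?")


def naive_fields(line):
    """Whitespace tokenizer: keeps only key=value tokens, drops everything else."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def parse_fields(line):
    """Like naive_fields, but re-attaches categories that lost their comma."""
    fields, last_key = {}, None
    for tok in line.split():
        if "=" in tok:
            last_key, _, value = tok.partition("=")
            fields[last_key] = value.strip('"')
        elif last_key in CONTEXT_FIELDS and CATEGORY.fullmatch(tok):
            fields[last_key] += "," + tok  # stray category belongs to the context
        else:
            last_key = None  # unrelated bare token such as "avc:" or "denied"
    return fields


def categories(context):
    """Category list of a user:role:type:level[:categories] context (single level assumed)."""
    parts = context.split(":")
    return parts[4].split(",") if len(parts) > 4 else []


def truncated_contexts(line):
    """Names of context fields whose naive value is missing categories."""
    naive, fixed = naive_fields(line), parse_fields(line)
    return sorted(k for k in CONTEXT_FIELDS & fixed.keys()
                  if naive[k].strip('"') != fixed[k])


if __name__ == "__main__":
    print(truncated_contexts(INTERPRETED))
    print(categories(parse_fields(INTERPRETED)["subj"]))
```

A non-empty result from truncated_contexts on interpreted output indicates that the records came from a build with this bug and that category-based filtering on the naive value would match the wrong sandbox.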

Comment 1 Steve Grubb 2014-07-20 14:45:04 UTC
Fixed in upstream commit 965.

Comment 3 Steve Grubb 2014-07-28 15:38:37 UTC
audit-2.3.7-4.el6 was built to resolve this issue.

Comment 6 Steve Grubb 2014-08-10 12:55:19 UTC
audit-2.3.7-5.el6 was built to correct this problem.

Comment 9 errata-xmlrpc 2014-10-14 07:14:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.
