Bug 1120286 - ausearch -i does not display commas between categories
Summary: ausearch -i does not display commas between categories
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit
Version: 6.6
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Patrik Kis
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-16 16:01 UTC by Milos Malik
Modified: 2014-10-14 07:14 UTC (History)
1 user (show)

Fixed In Version: audit-2.3.7-4.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-14 07:14:55 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1515 normal SHIPPED_LIVE audit bug fix and enhancement update 2014-10-14 01:22:21 UTC

Description Milos Malik 2014-07-16 16:01:08 UTC 
Description of problem:
 * if you run ausearch with -i parameter then commas are not displayed
subj=unconfined_u:unconfined_r:sandbox_t:s0:c510 c931
 * if you run ausearch without -i parameter then commas are displayed
subj=unconfined_u:unconfined_r:sandbox_t:s0:c510,c931

Version-Release number of selected component (if applicable):
audispd-plugins-2.3.7-3.el6
audit-2.3.7-3.el6
audit-libs-2.3.7-3.el6
audit-libs-python-2.3.7-3.el6

How reproducible:
always

Here is an audit record from /var/log/audit/audit.log:
----
type=AVC msg=audit(1405523880.601:4179): avc:  denied  { read } for  pid=20157 comm="bash" name="user20200" dev=vda3 ino=144202 scontext=unconfined_u:unconfined_r:sandbox_t:s0:c304,c875 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1405523880.601:4179): arch=c000003e syscall=2 success=no exit=-13 a0=87d750 a1=401 a2=180 a3=1b items=1 ppid=20156 pid=20157 auid=508 uid=508 gid=508 euid=508 suid=508 fsuid=508 egid=508 sgid=508 fsgid=508 tty=pts2 ses=395 comm="bash" exe="/bin/bash" subj=unconfined_u:unconfined_r:sandbox_t:s0:c304,c875 key=(null)
type=CWD msg=audit(1405523880.601:4179):  cwd="/nfs/staff/user20200"
type=PATH msg=audit(1405523880.601:4179): item=0 name="/u/user20200/.bash_history" nametype=UNKNOWN
----

Here is the same audit record after ausearch -i processing:
----
type=PATH msg=audit(07/16/2014 17:18:00.601:4179) : item=0 name=/u/user20200/.bash_history nametype=UNKNOWN 
type=CWD msg=audit(07/16/2014 17:18:00.601:4179) :  cwd=/nfs/staff/user20200 
type=SYSCALL msg=audit(07/16/2014 17:18:00.601:4179) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=0x87d750 a1=O_WRONLY|O_APPEND a2=0x180 a3=0x1b items=1 ppid=20156 pid=20157 auid=unknown(508) uid=unknown(508) gid=unknown(508) euid=unknown(508) suid=unknown(508) fsuid=unknown(508) egid=unknown(508) sgid=unknown(508) fsgid=unknown(508) tty=pts2 ses=395 comm=bash exe=/bin/bash subj=unconfined_u:unconfined_r:sandbox_t:s0:c304 c875 key=(null) 
type=AVC msg=audit(07/16/2014 17:18:00.601:4179) : avc:  denied  { read } for  pid=20157 comm=bash name=user20200 dev=vda3 ino=144202 scontext=unconfined_u:unconfined_r:sandbox_t:s0:c304 c875 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=lnk_file 
----

Expected results:
 * commas between categories are displayed in all cases
Comment 1 Steve Grubb 2014-07-20 14:45:04 UTC 
Fixed in upstream commit 965.
Comment 3 Steve Grubb 2014-07-28 15:38:37 UTC 
audit-2.3.7-4.el6 was built to resolve this issue.
Comment 6 Steve Grubb 2014-08-10 12:55:19 UTC 
audit-2.3.7-5.el6 was built to correct this problem.
Comment 9 errata-xmlrpc 2014-10-14 07:14:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1515.html
Note You need to log in before you can comment on or make changes to this bug.