Bug 126438 - seaudit gains an hour.....
seaudit gains an hour.....
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: setools (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-21 13:38 EDT by Tom London
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: setools-gui-1.4.1-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-19 19:10:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom London 2004-06-21 13:38:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
Actually setools-gui-1.4-3.

Running seaudit with 'monitor mode' enabled, it seems that after the
first non-trivial log refresh that the displayed time advances by one
hour.

So, when it start up, the timestamps are valid. After first additional
messages are added to /var/log/messages, all the displayed timestamps
advance by one hour.  The times in /var/log/messages are correct.

[In case it matters, I'm in PDT.]

Version-Release number of selected component (if applicable):
setools-1.4-3

How reproducible:
Always

Steps to Reproduce:
1. start seaudit.  observe timestamps
2. enable 'monitor mode'
3. after additional AVCs posted to log, observe timestamps change
    

Additional info:
Comment 1 Tom London 2004-06-28 16:47:55 EDT
I found the problem....

seaudit/libseaudit do not seem to set correctly the tm_isdst element
for the times from the log, so strftime()/strptime() get confused.

These sources are from setools-1.4.tgz.  I did not apply
setools-rhat.patch.

[the initializing call to tzset() probably could be moved earlier, and
then you could remove the test....]

All my systems are now FC2, so I can't tell if this bug only affects
FC2.  Probably needs to be fixed in the tresys tree....

diff -c libseaudit/auditlog.c ../setools-1.4a/libseaudit/auditlog.c
*** libseaudit/auditlog.c       2004-06-02 10:44:12.000000000 -0700
--- ../setools-1.4a/libseaudit/auditlog.c       2004-06-28
13:04:11.532908855 -0700
***************
*** 304,309 ****
--- 304,311 ----
        return NULL;
  }
   
+ static int daylight_set = 0;
+
  static msg_t* msg_create(void)
  {
        msg_t *new;
***************
*** 321,326 ****
--- 323,333 ----
                return NULL;
        }
        memset(new->date_stamp, 0, sizeof(struct tm));
+       if ( !daylight_set ) {
+         tzset();
+         daylight_set = 1;
+       }
+       new->date_stamp->tm_isdst = (!daylight ? 0 : 1);
        return new;
  }
   

diff -c libseaudit/parse.c ../setools-1.4a/libseaudit/parse.c
*** libseaudit/parse.c  2004-06-02 10:44:13.000000000 -0700
--- ../setools-1.4a/libseaudit/parse.c  2004-06-28 13:12:42.275903469
-0700
***************
*** 207,214 ****
--- 207,216 ----
        time = strcat(time, tokens[*position]);
      
        if (!msg->date_stamp) {
+               extern int daylight;
                if ((msg->date_stamp = (struct tm*)
malloc(sizeof(struct tm))) == NULL)
                        return PARSE_RET_MEMORY_ERROR;
+               msg->date_stamp->tm_isdst = (daylight==0 ? 0 : 1);
        }
   
        if (!strptime(time, "%b %d %T", msg->date_stamp)) {
Comment 2 Don Patterson 2004-06-30 13:56:42 EDT
We here at Tresys are aware of this bug and will get a patch out to 
you soon. 

Don Patterson
Tresys Technology
www.tresys.com
Comment 3 Tom London 2004-07-19 19:10:20 EDT
Appears fixed in setools-gui-1.4.1-1

Note You need to log in before you can comment on or make changes to this bug.