Bug 126515 - AVCs: format errors, blank fields, ...
AVCs: format errors, blank fields, ...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-22 14:41 EDT by Tom London
Modified: 2015-01-04 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-14 01:50:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Logged AVCs with blanks/formatting issues (10.52 KB, text/plain)
2004-06-22 14:42 EDT, Tom London
no flags Details

  None (edit)
Description Tom London 2004-06-22 14:41:42 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
When running with strict policy (both enforcing and permissive)
AVCs are sometimes logged 'incorrectly': alignment is funny,
blank/missing fields, etc.

Here is an example:

Jun 21 14:20:30 dell kernel:                                         
    audit(1087852830.344:0): avc:  denied  { write } for  pid=13411
exe=/usr/sbin/privoxy
  

In this example, there are 97 blank characters after 'kernel:', 
and notice the missing name, scontext, tcontext and tclass fields.
(other examples have more blanks).  

See attachment for grep'ed entries from /var/log/messages*


Version-Release number of selected component (if applicable):
kernel-2.6.7-1.441 (and earlier)

How reproducible:
Sometimes

Steps to Reproduce:
1. configure mozilla to use privoxy (localhost:8118)
2. try to edit/modify user.actions through web interface
3. try "grep '         ' /var/log/messages*"

Additional info:
Comment 1 Tom London 2004-06-22 14:42:47 EDT
Created attachment 101337 [details]
Logged AVCs with blanks/formatting issues
Comment 2 Tom London 2004-07-22 15:18:11 EDT
I've noticed this again with kernel-2.6.7-1.494.  Here are the avcs:

Jul 22 12:05:18 fedora sshd(pam_unix)[13899]: session opened for user
root by (uid=0)
Jul 22 12:05:18 fedora kernel:                                       
                                                         
audit(1090523118.784:0): avc:  denied  { transition } for  pid=13899
exe=/usr/sbin/sshd Jul 22 12:05:26 fedora sshd(pam_unix)[13902]:
session opened for user root by (uid=0)
Jul 22 12:05:26 fedora kernel:                                       
                                                         
audit(1090523126.143:0): avc:  denied  { transition } for  pid=13902
exe=/usr/sbin/sshd 
Comment 3 Dave Jones 2005-01-14 00:17:19 EST
this should be fixed in the latest 2.6.10 updates ?
Comment 4 Tom London 2005-01-14 01:35:09 EST
I checked my logrotated logs and can find no occurrences ....

I believe the last time I noticed this was at least a few months ago.

Note You need to log in before you can comment on or make changes to this bug.