Bug 174422 - nscd update for new audit messages
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: glibc
rawhide
All Linux
medium Severity medium
Assigned To: Jakub Jelinek
Brian Brock
Reported: 2005-11-28 16:42 EST by Steve Grubb
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: 2.3.90-25
Doc Type: Bug Fix
Last Closed: 2006-01-03 02:55:37 EST


Attachments
patch updating to new audit functionality (1.19 KB, patch)
2005-11-28 16:44 EST, Steve Grubb
Description Steve Grubb 2005-11-28 16:42:49 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
The audit library is deprecating the function that is being used by nscd. This is because LSPP requires more information than is currently being logged.

Version-Release number of selected component (if applicable):
glibc-2.3.90-18

How reproducible:
Always

Steps to Reproduce:
1. Found by inspection
  

Additional info:
Comment 1 Steve Grubb 2005-11-28 16:44:13 EST
Created attachment 121562
patch updating to new audit functionality

Please review and apply.
Comment 2 Ulrich Drepper 2005-12-28 19:42:06 EST
I've added a slightly improved version of the patch.

But what is the FIXME about?  When will this be corrected?
Comment 3 Steve Grubb 2005-12-30 09:36:33 EST
Thanks for looking at this. I was hoping to bump the so number early in Jan with
the old functions removed. nscd is the only app that is holding that up.

In any event, the FIXME is that the user field in the audit message is being
filled in with getuid() which is the user id of nscd...rather than the user that
requested the action that violated the SE Linux policy.

I don't know the data structures being passed around in nscd (or se linux) to
correctly attribute the caller for the violation of the policy. My main
objective at this moment was simply to change the called function so that I can
bump the so number.

There is another fix needed for nscd. When it changes from root to the nscd
user, it needs to keep CAP_AUDIT_WRITE. I haven't added that patch yet since I'm
still refining the technique with dbus and newrole. If you would like to go
ahead and add it, I'd really appreciate it.
Comment 4 Ulrich Drepper 2005-12-30 11:20:59 EST
> I was hoping to bump the so number early in Jan with
> the old functions removed.

Why?  It is always bad to bump SONAMEs.


> I don't know the data structures being passed around in nscd (or se linux) to
> correctly attribute the caller for the violation of the policy.

The nscd side is trivial.  nscd_request_avc_has_perm can easily be passed the
UID of the other side.  We already compute it (sometimes) at the call side.  The
question is: how to pass it to the printing routine.  I guess it is called
through avc_has_perm.  If you figure this out it's easy enough to add.
Comment 5 Jakub Jelinek 2006-01-03 02:55:37 EST
glibc-2.3.90-25 should show up in rawhide today.
