Red Hat Bugzilla – Bug 216244
[labeled networking] NetLabel emits audit messages when syscall auditing is disabled
Last modified: 2007-11-30 17:07:37 EST
Description of problem:
NetLabel emits audit messages even when syscall auditing is disabled, i.e.
'auditctl -e 0'. A patch has been introduced upstream which addresses this problem.
Version-Release number of selected component (if applicable):
All NetLabel-enabled kernels
Steps to Reproduce:
1. auditctl -e 0
2. cat /dev/null > /var/log/audit/audit.log
3. netlabelctl -p unlbl accept on
4. grep "MAC_UNLBL_ALLOW" /var/log/audit/audit.log
You will see the following audit message:
type=MAC_UNLBL_ALLOW msg=audit(1163723958.855:43): netlabel: auid=0
subj=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 unlbl_accept=1 old=1
No audit message should be seen in the audit log.
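
A check for steps 2 to 4 above, as an added example that is not part of the original report: it filters audit records by timestamp instead of emptying the log, and looks for every NetLabel record type rather than only MAC_UNLBL_ALLOW. The function names, the cut-off argument and the first two sample records are constructed for illustration; the four extra type names are the kernel's other NetLabel audit record types, which the report does not mention.

```shell
#!/bin/sh
# Added example, not from the original report.
# NetLabel audit record types: MAC_UNLBL_ALLOW is the one in the report,
# the rest are the kernel's other NetLabel configuration record types.
NETLABEL_TYPES='MAC_UNLBL_ALLOW MAC_CIPSOV4_ADD MAC_CIPSOV4_DEL MAC_MAP_ADD MAC_MAP_DEL'

# netlabel_records_since EPOCH [LOGFILE|-]
# Prints NetLabel records stamped at or after EPOCH (the time auditing was
# disabled). Returns 0 when there are none, 1 when at least one was logged.
netlabel_records_since() {
    since=$1
    log=${2:-/var/log/audit/audit.log}
    awk -v since="$since" -v types="$NETLABEL_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        # Record header: type=NAME msg=audit(SECONDS.MILLIS:SERIAL):
        match($0, /msg=audit\([0-9]+\.[0-9]+:[0-9]+\)/) {
            type = $1
            sub(/^type=/, "", type)
            if (!(type in want)) next
            # Drop the 10-character "msg=audit(" prefix and the closing ")".
            stamp = substr($0, RSTART + 10, RLENGTH - 11)
            split(stamp, part, ":")
            if (part[1] + 0 >= since + 0) { print; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$log"
}

# Sample input: the first two records are constructed, the third is the
# record quoted in the report (joined onto one line, as auditd writes it).
constructed_sample_log() {
    cat <<'EOF'
type=MAC_UNLBL_ALLOW msg=audit(1163723000.100:40): netlabel: auid=0 subj=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 unlbl_accept=1 old=0
type=SYSCALL msg=audit(1163723100.200:41): arch=40000003 syscall=102 success=yes
type=MAC_UNLBL_ALLOW msg=audit(1163723958.855:43): netlabel: auid=0 subj=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 unlbl_accept=1 old=1
EOF
}
```

To try it on the sample, run `constructed_sample_log | netlabel_records_since 1163723900 -`; on a test system, record `date +%s` just before `auditctl -e 0` and pass that value as the cut-off.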
QE ack for RHEL5.
A package has been built which should help the problem described in
this bug report. This report is therefore being closed with a resolution
of CURRENTRELEASE. You may reopen this bug report if the solution does
not work for you.