Bug 224080 - LSPP: audit does not log obj label for mq_timedreceive/mq_timedsend
Keywords:
Status: CLOSED DUPLICATE of bug 223919
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: RHEL5LSPPCertTracker
Reported: 2007-01-23 22:57 UTC by Amy Griffis
Modified: 2007-11-30 22:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-19 17:27:45 UTC
Target Upstream Version:
Embargoed:


Attachments
Untested patch against lspp.63 kernel. (740 bytes, patch)
2007-01-23 23:46 UTC, Amy Griffis

Description Amy Griffis 2007-01-23 22:57:59 UTC
Description of problem:

Audit does not log an obj label for the message queue for the mq_timedreceive
and mq_timedsend syscalls. Because MLS checks are performed for these
operations, audit must log the obj label in order to meet LSPP cert requirements.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. create a message queue with mq_open()
2. auditctl -a exit,always -S mq_timedsend
3. open the message queue with mq_open()
4. send a message via mq_timedsend()
  
Actual results:

type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 a1=4008f6 a2=b a3=1 items=0 ppid=3332 pid=29124 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
comm="do_mq_timedsend"
exe="/usr/local/eal4_testing/do_mq_timedsend"
subj=staff_u:lspp_test_r:lspp_harness_t:s15 key=(null)
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0

Expected results:

Expect some additional records, e.g.:

type=CWD msg=audit(1169592467.169:78417): cwd="/usr/local/eal4_testing"
type=PATH msg=audit(1169592467.169:78417): item=1 name=(null) inode=168458
dev=00:0d mode=0100700 ouid=0 ogid=0 rdev=00:00
obj=staff_u:object_r:lspp_test_generic_tmpfs_t:s15:c0.c1023

Additional info:
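
A check for the behaviour described in this report, as an added example (not part of the bug report or the attached patch): it rejoins the line-wrapped audit records, groups them by event id, and lists events that contain an MQ_SENDRECV record but no record carrying an obj= label. The sample is constructed: event 78417 is the report's actual output with the SYSCALL record abbreviated, and event 78418 is a hypothetical event that includes the PATH record the reporter expected.

```python
import re
from collections import defaultdict

# Constructed sample: event 78417 is the report's "actual results" (SYSCALL
# record abbreviated); event 78418 is made up here, adding the expected PATH record.
SAMPLE = """\
type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 items=0 subj=staff_u:lspp_test_r:lspp_harness_t:s15
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0
type=SYSCALL msg=audit(1169592468.201:78418): arch=c000003e syscall=242
success=yes exit=0 a0=3 items=1 subj=staff_u:lspp_test_r:lspp_harness_t:s15
type=MQ_SENDRECV msg=audit(1169592468.201:78418): mqdes=3 msg_len=11 msg_prio=1
type=PATH msg=audit(1169592468.201:78418): item=1 name=(null) inode=168458
dev=00:0d mode=0100700 ouid=0 ogid=0 rdev=00:00
obj=staff_u:object_r:lspp_test_generic_tmpfs_t:s15:c0.c1023
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$")

def parse_events(text):
    """Rejoin line-wrapped records and group them by audit event id."""
    events, current = defaultdict(list), None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = {"type": m.group(1), "fields": m.group(3)}
            events[m.group(2)].append(current)
        elif current is not None:  # continuation of a wrapped record
            current["fields"] += " " + line
    return events

def field(record, name):
    """Value of name=..., anchored on whitespace so 'obj' never matches 'subj'."""
    m = re.search(r"(?:^|\s)" + re.escape(name) + r"=(\S+)", record["fields"])
    return m.group(1) if m else None

def mq_events_missing_obj(text):
    """Event ids that carry MQ_SENDRECV but no record with an obj= label."""
    missing = []
    for event_id, records in sorted(parse_events(text).items()):
        is_mq = any(r["type"] == "MQ_SENDRECV" for r in records)
        if is_mq and not any(field(r, "obj") for r in records):
            missing.append(event_id)
    return missing

if __name__ == "__main__":
    print(mq_events_missing_obj(SAMPLE))
```
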

Comment 1 Amy Griffis 2007-01-23 23:46:56 UTC
Created attachment 146378
Untested patch against lspp.63 kernel.

Comment 2 Irina Boverman 2007-01-24 16:05:28 UTC
This is needed for LSPP certification.

Comment 3 Amy Griffis 2007-01-31 18:17:23 UTC
I've just had a conversation with our evaluator, and he clarified that this is
not needed for LSPP certification after all. Bug #223919 is still needed.

Comment 4 Irina Boverman 2007-02-02 20:08:30 UTC
I will remove it from the tracker (224041).

Comment 6 Steve Grubb 2007-02-02 20:26:29 UTC
Please leave this in the tracker and 5.1.

Comment 7 Irina Boverman 2007-02-02 20:46:46 UTC
Ok, leaving it in the tracker and 5.1.

Comment 8 Irina Boverman 2007-02-14 20:53:41 UTC
Per 2/12 discussion, Amy is reworking this patch and will make it available for
review shortly.

Comment 9 Eric Paris 2007-02-19 17:27:45 UTC
Since the patches for this and 223919 have been rolled together upstream I am
going to close this bug as a dup of 223919 and will add a notice there that the
testing footprint of 223919 should be made large enough to cover this as well.

*** This bug has been marked as a duplicate of 223919 ***

