Bug 224080 - LSPP: audit does not log obj label for mq_timedreceive/mq_timedsend
Status: CLOSED DUPLICATE of bug 223919
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Eric Paris
Brian Brock
Depends On:
Blocks: RHEL5LSPPCertTracker
Reported: 2007-01-23 17:57 EST by Amy Griffis
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-02-19 12:27:45 EST

Attachments
Untested patch against lspp.63 kernel. (740 bytes, patch)
2007-01-23 18:46 EST, Amy Griffis
Description Amy Griffis 2007-01-23 17:57:59 EST
Description of problem:

Audit does not log an obj label for the message queue for the mq_timedreceive
and mq_timedsend syscalls. Because MLS checks are performed for these
operations, audit must log the obj label in order to meet LSPP cert requirements.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create a message queue with mq_open()
2. auditctl -a exit,always -S mq_timedsend
3. open the message queue with mq_open()
4. send a message via mq_timedsend()

Actual results:

type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 a1=4008f6 a2=b a3=1 items=0 ppid=3332 pid=29124 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
subj=staff_u:lspp_test_r:lspp_harness_t:s15 key=(null)
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0

Expected results:

Expect some additional records, e.g.:

type=CWD msg=audit(1169592467.169:78417): cwd="/usr/local/eal4_testing"
type=PATH msg=audit(1169592467.169:78417): item=1 name=(null) inode=168458
dev=00:0d mode=0100700 ouid=0 ogid=0 rdev=00:00

Additional info:

Comment 1 Amy Griffis 2007-01-23 18:46:56 EST
Created attachment 146378
Untested patch against lspp.63 kernel.

Comment 2 Irina Boverman 2007-01-24 11:05:28 EST
This is needed for LSPP certification.

Comment 3 Amy Griffis 2007-01-31 13:17:23 EST
I've just had a conversation with our evaluator, and he clarified that this is
not needed for LSPP certification after all. Bug #223919 is still needed.

Comment 4 Irina Boverman 2007-02-02 15:08:30 EST
I will remove it from the tracker (224041).

Comment 6 Steve Grubb 2007-02-02 15:26:29 EST
Please leave this in the tracker and 5.1

Comment 7 Irina Boverman 2007-02-02 15:46:46 EST
Ok, leaving it in the tracker and 5.1.

Comment 8 Irina Boverman 2007-02-14 15:53:41 EST
per 2/12 discussion, Amy is reworking this patch and will make it available for
review shortly.

Comment 9 Eric Paris 2007-02-19 12:27:45 EST
Since the patches for this and 223919 have been rolled together upstream I am
going to close this bug as a dup of 223919 and will add a notice there that the
testing footprint of 223919 should be made large enough to cover this as well.

*** This bug has been marked as a duplicate of 223919 ***
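
Added example (not part of the original bug report or of the kernel patch): a Python check that groups audit records by event ID and reports message-queue events in which no record carries an obj= label, which is the gap this bug describes. The first event is copied from the report's "Actual results"; event 78418 and its obj= value are constructed, and the label appearing on a PATH record is an assumption.

```python
import re
from collections import defaultdict

# Event 78417 is from the report's "Actual results" (wrapped as posted).
# Event 78418 is constructed; its PATH obj= label is made up (assumption).
SAMPLE = """\
type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 a1=4008f6 a2=b a3=1 items=0 ppid=3332 pid=29124 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
subj=staff_u:lspp_test_r:lspp_harness_t:s15 key=(null)
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0
type=SYSCALL msg=audit(1169592470.001:78418): arch=c000003e syscall=242 success=yes
type=MQ_SENDRECV msg=audit(1169592470.001:78418): mqdes=3 msg_len=11 msg_prio=1
type=PATH msg=audit(1169592470.001:78418): item=0 name=(null) inode=168458
obj=staff_u:object_r:tmpfs_t:s15
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): ?(.*)$")

def parse_events(text):
    """Group records by event id (timestamp:serial), rejoining wrapped lines."""
    events = defaultdict(list)          # event id -> [(type, {field: value})]
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rtype, event_id, rest = m.groups()
            current = (rtype, {})
            events[event_id].append(current)
        elif current is None or not line.strip():
            continue                    # stray text before the first record
        else:
            rest = line                 # continuation of the previous record
        for token in rest.split():
            key, sep, value = token.partition("=")
            if sep:
                current[1][key] = value
    return events

def mq_events_missing_obj(text):
    """Return ids of events with an MQ_SENDRECV record but no obj= field."""
    missing = []
    for event_id, records in parse_events(text).items():
        has_obj = any("obj" in fields for _, fields in records)
        if any(t == "MQ_SENDRECV" for t, _ in records) and not has_obj:
            missing.append(event_id)
    return missing
```

Calling mq_events_missing_obj() on the raw contents of an audit log returns the event IDs to examine; the subj= field on the SYSCALL record is deliberately not counted as an object label.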
