Bug 226780 - LSPP: audit of writes to files of bin_t produces no records
LSPP: audit of writes to files of bin_t produces no records
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Grubb
Brian Brock
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
Reported: 2007-02-01 10:51 EST by Steve Grubb
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2007-0602
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-07 12:02:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2007-02-01 10:51:11 EST
Description of problem:
auditing writes to files of label bin_t do not seem to produce any records. (I
do not think its limited to bin_t, that's just the test case.)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
[root ~]# cp /bin/bash /bin/aubash
[root ~]# ls -Z /bin/aubash
-rwxr-xr-x  root root user_u:object_r:bin_t            /bin/aubash
[root ~]# auditctl -a exit,always -F perm=w -F obj_type=bin_t -F key=executable
[root ~]# echo "test" > /bin/aubash
[root ~]# cat /bin/aubash
[root ~]# ausearch --start recent -k executable
<no matches>

Expected results:
ausearch to have found a record.
Comment 1 Alexander Viro 2007-02-05 10:36:54 EST
OK, so far it looks like kernel gets empty permissions mask (instead
of -w-).  Either auditctl or kernel-side code that decodes userland
Comment 2 Steve Grubb 2007-02-05 12:56:27 EST
This problem was a missing case statement in libaudit...reassigning bug.
Comment 3 Irina Boverman 2007-02-14 16:13:19 EST
per 2/12 discussion, patch has been isolated, Steve will build new audit package
to test it.
Comment 5 Steve Grubb 2007-03-06 19:22:03 EST
audit package 1.3.1-2 was built to solve this problem.
Comment 9 errata-xmlrpc 2007-11-07 12:02:35 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.