Description of problem: This is a small fixer-upper that is needed. The ipsec audit record is missing a space between printing the src and dst ipv6 addresses. As a result it is like a run on sentence and may cause problems for userspace audit tools that parse on attributes in an audit record. Version-Release number of selected component (if applicable): lspp 68 kernel Actual results: type=MAC_IPSEC_DELSA msg=audit(1173991192.663:3155): SAD delete: auid=4294967295 subj=system_u:system_r:kernel_t:s15:c0.c1023 sec_alg=1 sec_doi=1 sec_obj=ealuser_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 src=fc00:0000:0000:0105:0000:0000:0000:0064dst=fc00:0000:0000:0105:0000:0000:0000:0035 spi=0(0x0) protocol=ESP res=1 ^^ Expected results: type=MAC_IPSEC_DELSA msg=audit(1173991192.663:3155): SAD delete: auid=4294967295 subj=system_u:system_r:kernel_t:s15:c0.c1023 sec_alg=1 sec_doi=1 sec_obj=ealuser_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 src=fc00:0000:0000:0105:0000:0000:0000:0064 dst=fc00:0000:0000:0105:0000:0000:0000:0035 spi=0(0x0) protocol=ESP res=1 Additional Info: Will attach patch shortly.
Created attachment 150446 [details] Patch to fix this problem. I have also sent this patch to netdev.org.
Patch was included in lspp.71 kernel. Joy, does the kernel messages look Ok now?
Tested this in the 72 kernel and it looks good. Tested successfully.
in 2.6.18-27.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5
A fix for this issue should have been included in the packages contained in the RHEL5.1-Snapshot3 on partners.redhat.com. Requested action: Please verify that your issue is fixed as soon as possible to ensure that it is included in this update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. More assistance: If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
A fix for this issue should have been included in the packages contained in the RHEL5.1-Snapshot4 on partners.redhat.com. Requested action: Please verify that your issue is fixed *as soon as possible* to ensure that it is included in this update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
A fix for this issue should have been included in the packages contained in the RHEL5.1-Snapshot6 on partners.redhat.com. Requested action: Please verify that your issue is fixed ASAP to confirm that it will be included in this update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
A fix for this issue should have been included in the packages contained in the RHEL5.1-Snapshot7 on partners.redhat.com. Requested action: Please verify that your issue is fixed ASAP to confirm that it will be included in this update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
A fix for this issue should be included in the packages contained in RHEL5.1-Snapshot8--available now on partners.redhat.com. IMPORTANT: This is the last opportunity to confirm that your issue is fixed in the RHEL5.1 update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0959.html