Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 232524

Summary: LSPP: the audit record for ipsec when printing ipv6 addresses needs a correction.
Product: Red Hat Enterprise Linux 5 Reporter: Joy Latten <latten>
Component: kernelAssignee: Eric Paris <eparis>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: dzickus, eparis, iboverma, krisw, linda.knippers, poelstra, sgrubb
Target Milestone: ---Keywords: OtherQA
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0959 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 19:44:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 224041, 234654    
Attachments:
Description Flags
Patch to fix this problem. none

Description Joy Latten 2007-03-15 23:11:46 UTC 
Description of problem:
This is a small fixer-upper that is needed.
The ipsec audit record is missing a space between printing the 
src and dst ipv6 addresses. As a result it is like a run on sentence
and may cause problems for userspace audit tools that parse on attributes in an
audit record.

Version-Release number of selected component (if applicable):
lspp 68 kernel

Actual results:
type=MAC_IPSEC_DELSA msg=audit(1173991192.663:3155): SAD delete: auid=4294967295
subj=system_u:system_r:kernel_t:s15:c0.c1023 sec_alg=1 sec_doi=1
sec_obj=ealuser_u:sysadm_r:sysadm_t:s0-s15:c0.c1023
src=fc00:0000:0000:0105:0000:0000:0000:0064dst=fc00:0000:0000:0105:0000:0000:0000:0035
spi=0(0x0) protocol=ESP res=1             ^^    

Expected results:
type=MAC_IPSEC_DELSA msg=audit(1173991192.663:3155): SAD delete: auid=4294967295
subj=system_u:system_r:kernel_t:s15:c0.c1023 sec_alg=1 sec_doi=1
sec_obj=ealuser_u:sysadm_r:sysadm_t:s0-s15:c0.c1023
src=fc00:0000:0000:0105:0000:0000:0000:0064
dst=fc00:0000:0000:0105:0000:0000:0000:0035 spi=0(0x0) protocol=ESP res=1

Additional Info:
Will attach patch shortly.
Comment 1 Joy Latten 2007-03-20 00:32:52 UTC 
Created attachment 150446 [details]
Patch to fix this problem.

I have also sent this patch to netdev.org.
Comment 2 Steve Grubb 2007-03-30 18:38:06 UTC 
Patch was included in lspp.71 kernel. Joy, does the kernel messages look Ok now?
Comment 3 Joy Latten 2007-04-02 15:40:35 UTC 
Tested this in the 72 kernel and it looks good. 
Tested successfully.
Comment 7 Don Zickus 2007-06-16 00:30:37 UTC 
in 2.6.18-27.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 9 John Poelstra 2007-08-27 18:56:38 UTC 
A fix for this issue should have been included in the packages contained in the
RHEL5.1-Snapshot3 on partners.redhat.com.  

Requested action: Please verify that your issue is fixed as soon as possible to
ensure that it is included in this update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

More assistance: If you cannot access bugzilla, please reply with a message to
Issue Tracker and I will change the status for you.  If you need assistance
accessing ftp://partners.redhat.com, please contact your Partner Manager.
Comment 10 John Poelstra 2007-08-31 00:28:04 UTC 
A fix for this issue should have been included in the packages contained in the
RHEL5.1-Snapshot4 on partners.redhat.com.  

Requested action: Please verify that your issue is fixed *as soon as possible*
to ensure that it is included in this update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

If you cannot access bugzilla, please reply with a message to Issue Tracker and
I will change the status for you.  If you need assistance accessing
ftp://partners.redhat.com, please contact your Partner Manager.
Comment 11 John Poelstra 2007-09-11 19:20:55 UTC 
A fix for this issue should have been included in the packages contained in the
RHEL5.1-Snapshot6 on partners.redhat.com.  

Requested action: Please verify that your issue is fixed ASAP to confirm that it
will be included in this update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

If you cannot access bugzilla, please reply with a message to Issue Tracker and
I will change the status for you.  If you need assistance accessing
ftp://partners.redhat.com, please contact your Partner Manager.
Comment 12 John Poelstra 2007-09-20 04:46:39 UTC 
A fix for this issue should have been included in the packages contained in the
RHEL5.1-Snapshot7 on partners.redhat.com.  

Requested action: Please verify that your issue is fixed ASAP to confirm that it
will be included in this update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

If you cannot access bugzilla, please reply with a message to Issue Tracker and
I will change the status for you.  If you need assistance accessing
ftp://partners.redhat.com, please contact your Partner Manager.
Comment 13 John Poelstra 2007-09-26 23:44:13 UTC 
A fix for this issue should be included in the packages contained in
RHEL5.1-Snapshot8--available now on partners.redhat.com.  

IMPORTANT: This is the last opportunity to confirm that your issue is fixed in
the RHEL5.1 update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

If you cannot access bugzilla, please reply with a message to Issue Tracker and
I will change the status for you.  If you need assistance accessing
ftp://partners.redhat.com, please contact your Partner Manager.
Comment 15 errata-xmlrpc 2007-11-07 19:44:19 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html