Bug 233186 - LSPP: Add audit rule bit operators patch
LSPP: Add audit rule bit operators patch
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Grubb
Brian Brock
Depends On: 232967
  Show dependency treegraph
Reported: 2007-03-20 16:01 EDT by Steve Grubb
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0602
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-07 12:03:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2007-03-20 16:01:33 EDT
+++ This bug was initially created as a clone of Bug #232967 +++

Description of problem:
There is not good way to audit syscalls that have bit mapped options. A patch
was sent to the linux-audit mail list adding this capability. This is not
strictly required for LSPP, but helps customers.

This bz is to track the user space piece of it.
Comment 2 Steve Grubb 2007-03-20 20:48:05 EDT
The patch introduces the mask and bit test operators for creating audit rules.
For example, if you wanted to audit chmod syscalls that change a file to be
executable, with this patch applied you would do this:

auditctl -a always,entry -S chmod -F arg1&0111

As its is now, you would have to audit all chmods and search for the ones that
have the execute bit set...this is wasteful to say the least.

audit-1.5.1 already has this capability, this is a backport.
Comment 4 Eric Paris 2007-03-26 16:39:33 EDT
Stated not required for evaluation.  Steve, can we remove the LSPP whiteboard
mark so it doesn't come up on list and won't be considered a blocker?
Comment 5 Steve Grubb 2007-03-27 17:25:28 EDT
The lspp.70 kernel tests good with the patch included.
Comment 9 errata-xmlrpc 2007-11-07 12:03:24 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.