Red Hat Bugzilla – Bug 452535
CONFIG_AUDITSYSCALL requires SELinux
Last modified: 2009-01-20 15:25:38 EST
Description of problem:
The RHEL 5.2 kernel requires SELinux to successfully compile the auditsc.c
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install source RPM kernel-2.6.18-92.el5.src.rpm
2. Edit the i686 kernel config (I used "make menuconfig") to disable SELinux support
3. Attempt to rebuild kernel
Build fails on source file auditsc.c due to unconditional use of SELinux
functions calls. (Sorry, I didn't copy the exact error. The undefined function
involved string and was probably selinux_ctxid_to_string().)
The doc for Auditd System Calls says that its use with other subsystems, such as
SELinux, is optional. Moreover the 2 features (Auditd SC and SELinux) are not
linked in the kernel configuration system in that disabling SELinux support
seems not to recognize that Auditd System Calls is dependant upon it.
I am all too aware that Red Hat does not support user-configured kernels.
Nevertheless, I think you might want to know that you have inadvertantly
introduced a dependency between 2 independent kernel features.
I fixed the problem locally by simply disabling CONFIG_AUDITSYSCALL, another
feature I don't use. Red Hat will probably want to #ifdef the relevant code in
auditsc.c to SELinux support.
>I am all too aware that Red Hat does not support user-configured kernels.
>Nevertheless, I think you might want to know that you have inadvertantly
>introduced a dependency between 2 independent kernel features.
So I don't have to go into my spiel about RH not supporting custom kernels but
they should at least compile? :) :) :)
Thanks again Steve -- I'll get a patch together shortly.
Created attachment 310341 [details]
RHEL5 fix for this issue
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
*** Bug 453715 has been marked as a duplicate of this bug. ***
Created attachment 311152 [details]
RHEL5 Fix for this issue (version 2)
You can download this test kernel from http://people.redhat.com/dzickus/el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.