Bug 452535 - CONFIG_AUDITSYSCALL requires SELinux
CONFIG_AUDITSYSCALL requires SELinux
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.2
All Linux
low Severity low
: rc
: ---
Assigned To: Prarit Bhargava
Martin Jenner
:
: 453715 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-23 12:03 EDT by Steve Snyder
Modified: 2009-01-20 15:25 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 15:25:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
RHEL5 fix for this issue (936 bytes, patch)
2008-06-26 10:41 EDT, Prarit Bhargava
no flags Details | Diff
RHEL5 Fix for this issue (version 2) (600 bytes, patch)
2008-07-07 10:01 EDT, Prarit Bhargava
no flags Details | Diff

  None (edit)
Description Steve Snyder 2008-06-23 12:03:40 EDT
Description of problem:

The RHEL 5.2 kernel requires SELinux to successfully compile the auditsc.c
source file.

Version-Release number of selected component (if applicable):

2.6.18-92.el5.i686

How reproducible:

Always

Steps to Reproduce:
1. Install source RPM kernel-2.6.18-92.el5.src.rpm
2. Edit the i686 kernel config (I used "make menuconfig") to disable SELinux support
3. Attempt to rebuild kernel
  
Actual results:

Build fails on source file auditsc.c due to unconditional use of SELinux
functions calls.  (Sorry, I didn't copy the exact error.  The undefined function
involved string and was probably selinux_ctxid_to_string().)

Expected results:

The doc for Auditd System Calls says that its use with other subsystems, such as
SELinux, is optional.  Moreover the 2 features (Auditd SC and SELinux) are not
linked in the kernel configuration system in that disabling SELinux support
seems not to recognize that Auditd System Calls is dependant upon it.

Additional info:

I am all too aware that Red Hat does not support user-configured kernels. 
Nevertheless, I think you might want to know that you have inadvertantly
introduced a dependency between 2 independent kernel features.

I fixed the problem locally by simply disabling CONFIG_AUDITSYSCALL, another
feature I don't use.  Red Hat will probably want to #ifdef the relevant code in
auditsc.c to SELinux support.
Comment 1 Prarit Bhargava 2008-06-26 08:19:17 EDT
>I am all too aware that Red Hat does not support user-configured kernels. 
>Nevertheless, I think you might want to know that you have inadvertantly
>introduced a dependency between 2 independent kernel features.

So I don't have to go into my spiel about RH not supporting custom kernels but
they should at least compile? :) :) :)

Thanks again Steve -- I'll get a patch together shortly.

P.
Comment 2 Prarit Bhargava 2008-06-26 10:41:58 EDT
Created attachment 310341 [details]
RHEL5 fix for this issue
Comment 3 RHEL Product and Program Management 2008-06-26 10:58:16 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 5 Eric Paris 2008-07-06 10:40:52 EDT
*** Bug 453715 has been marked as a duplicate of this bug. ***
Comment 6 Prarit Bhargava 2008-07-07 10:01:06 EDT
Created attachment 311152 [details]
RHEL5 Fix for this issue (version 2)

Reworked patch.

P.
Comment 7 Don Zickus 2008-07-23 14:55:57 EDT
in kernel-2.6.18-99.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 11 errata-xmlrpc 2009-01-20 15:25:38 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-0225.html

Note You need to log in before you can comment on or make changes to this bug.