Bug 697463 - Broken autrace -r on s390x
Summary: Broken autrace -r on s390x
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit
Version: 6.1
Hardware: s390x
OS: Linux
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: BaseOS QE Security Team
Depends On:
Blocks: 682670 RHEL62CCC 846801 846802
TreeView+ depends on / blocked
Reported: 2011-04-18 11:05 UTC by Eduard Benes
Modified: 2012-08-08 18:29 UTC (History)
0 users

previously, the "autrace -r"  command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned:

Error inserting audit rule for pid=13163

With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
Clone Of:
Last Closed: 2011-05-19 13:55:43 UTC

Attachments (Terms of Use)
strace output of autrace -r /bin/ls on s390x (11.35 KB, text/plain)
2011-04-18 11:05 UTC, Eduard Benes
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0653 normal SHIPPED_LIVE audit bug fix and enhancement update 2011-05-18 17:55:30 UTC

Description Eduard Benes 2011-04-18 11:05:25 UTC
Created attachment 492856 [details]
strace output of autrace -r /bin/ls on s390x

Description of problem:
Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage.

Version-Release number of selected component (if applicable):
# uname -a
Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux

How reproducible:

Steps to Reproduce:
1. # autrace -r /bin/ls
Actual results:
[root@auto-s390-002 ~]# autrace -r /bin/ls
Error inserting audit rule for pid=13163

Expected results:
Something like this
# autrace -r /bin/ls
Waiting to execute: /bin/ls
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 30207'

Additional info:
Works as expected without the resource usage mode 
# autrace /bin/ls /tmp
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 13192'

Comment 1 Steve Grubb 2011-04-18 12:14:44 UTC
Fixed upstream in this commit:

Comment 5 Steve Grubb 2011-04-20 15:01:30 UTC
audit-2.1-4.el6 was built to resolve this problem.

Comment 10 errata-xmlrpc 2011-05-19 13:55:43 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.