Bug 697463 - Broken autrace -r on s390x
Broken autrace -r on s390x
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit (Show other bugs)
s390x Linux
high Severity high
: rc
: ---
Assigned To: Steve Grubb
BaseOS QE Security Team
Depends On:
Blocks: 682670 RHEL62CCC 846801 846802
  Show dependency treegraph
Reported: 2011-04-18 07:05 EDT by Eduard Benes
Modified: 2012-08-08 14:29 EDT (History)
0 users

See Also:
Fixed In Version: audit-2.1-4.el6
Doc Type: Bug Fix
Doc Text:
previously, the "autrace -r" command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned: Error inserting audit rule for pid=13163 With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
Story Points: ---
Clone Of:
Last Closed: 2011-05-19 09:55:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
strace output of autrace -r /bin/ls on s390x (11.35 KB, text/plain)
2011-04-18 07:05 EDT, Eduard Benes
no flags Details

  None (edit)
Description Eduard Benes 2011-04-18 07:05:25 EDT
Created attachment 492856 [details]
strace output of autrace -r /bin/ls on s390x

Description of problem:
Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage.

Version-Release number of selected component (if applicable):
# uname -a
Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux

How reproducible:

Steps to Reproduce:
1. # autrace -r /bin/ls
Actual results:
[root@auto-s390-002 ~]# autrace -r /bin/ls
Error inserting audit rule for pid=13163

Expected results:
Something like this
# autrace -r /bin/ls
Waiting to execute: /bin/ls
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 30207'

Additional info:
Works as expected without the resource usage mode 
# autrace /bin/ls /tmp
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 13192'
Comment 1 Steve Grubb 2011-04-18 08:14:44 EDT
Fixed upstream in this commit:
Comment 5 Steve Grubb 2011-04-20 11:01:30 EDT
audit-2.1-4.el6 was built to resolve this problem.
Comment 10 errata-xmlrpc 2011-05-19 09:55:43 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.