Bug 697463 - Broken autrace -r on s390x
Summary: Broken autrace -r on s390x
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit
Version: 6.1
Hardware: s390x
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 682670 RHEL62CCC 846801 846802
TreeView+ depends on / blocked
 
Reported: 2011-04-18 11:05 UTC by Eduard Benes
Modified: 2012-08-08 18:29 UTC (History)
0 users

(edit)
previously, the "autrace -r"  command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned:

Error inserting audit rule for pid=13163

With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
Clone Of:
(edit)
Last Closed: 2011-05-19 13:55:43 UTC


Attachments (Terms of Use)
strace output of autrace -r /bin/ls on s390x (11.35 KB, text/plain)
2011-04-18 11:05 UTC, Eduard Benes
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0653 normal SHIPPED_LIVE audit bug fix and enhancement update 2011-05-18 17:55:30 UTC

Description Eduard Benes 2011-04-18 11:05:25 UTC
Created attachment 492856 [details]
strace output of autrace -r /bin/ls on s390x

Description of problem:
Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage.

Version-Release number of selected component (if applicable):
audit-2.1-3.el6.s390x
# uname -a
Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux

How reproducible:
always

Steps to Reproduce:
1. # autrace -r /bin/ls
2.
3.
  
Actual results:
[root@auto-s390-002 ~]# autrace -r /bin/ls
Error inserting audit rule for pid=13163

Expected results:
Something like this
# autrace -r /bin/ls
Waiting to execute: /bin/ls
 ...
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 30207'

Additional info:
Works as expected without the resource usage mode 
# autrace /bin/ls /tmp
 ...
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 13192'

Comment 1 Steve Grubb 2011-04-18 12:14:44 UTC
Fixed upstream in this commit:
https://fedorahosted.org/audit/changeset/518

Comment 5 Steve Grubb 2011-04-20 15:01:30 UTC
audit-2.1-4.el6 was built to resolve this problem.

Comment 10 errata-xmlrpc 2011-05-19 13:55:43 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0653.html


Note You need to log in before you can comment on or make changes to this bug.