Bug 697463 - Broken autrace -r on s390x
Broken autrace -r on s390x
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit (Show other bugs)
6.1
s390x Linux
high Severity high
: rc
: ---
Assigned To: Steve Grubb
BaseOS QE Security Team
:
Depends On:
Blocks: 682670 RHEL62CCC 846801 846802
  Show dependency treegraph
 
Reported: 2011-04-18 07:05 EDT by Eduard Benes
Modified: 2012-08-08 14:29 EDT (History)
0 users

See Also:
Fixed In Version: audit-2.1-4.el6
Doc Type: Bug Fix
Doc Text:
previously, the "autrace -r" command on the s390x architecture attempted to audit network syscalls not available on s390x. Consequently, an error similar to the following might have been returned: Error inserting audit rule for pid=13163 With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 09:55:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
strace output of autrace -r /bin/ls on s390x (11.35 KB, text/plain)
2011-04-18 07:05 EDT, Eduard Benes
no flags Details

  None (edit)
Description Eduard Benes 2011-04-18 07:05:25 EDT
Created attachment 492856 [details]
strace output of autrace -r /bin/ls on s390x

Description of problem:
Autrace fails to to add audit rules to trace a process on s390 in resource usage mode when it is set to limit syscalls collected to ones needed for analysing resource usage.

Version-Release number of selected component (if applicable):
audit-2.1-3.el6.s390x
# uname -a
Linux auto-s390-002.ss.eng.bos.redhat.com 2.6.32-128.el6.s390x #1 SMP Mon Mar 28 21:58:33 EDT 2011 s390x s390x s390x GNU/Linux

How reproducible:
always

Steps to Reproduce:
1. # autrace -r /bin/ls
2.
3.
  
Actual results:
[root@auto-s390-002 ~]# autrace -r /bin/ls
Error inserting audit rule for pid=13163

Expected results:
Something like this
# autrace -r /bin/ls
Waiting to execute: /bin/ls
 ...
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 30207'

Additional info:
Works as expected without the resource usage mode 
# autrace /bin/ls /tmp
 ...
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 13192'
Comment 1 Steve Grubb 2011-04-18 08:14:44 EDT
Fixed upstream in this commit:
https://fedorahosted.org/audit/changeset/518
Comment 5 Steve Grubb 2011-04-20 11:01:30 EDT
audit-2.1-4.el6 was built to resolve this problem.
Comment 10 errata-xmlrpc 2011-05-19 09:55:43 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0653.html

Note You need to log in before you can comment on or make changes to this bug.