Description of problem:
auditctl -l returns 0 even if it fails due to dropped capabilities.

Version-Release number of selected component (if applicable):
audit-2.1-5.el6

How reproducible:
always

Steps to Reproduce:
# capsh --drop=cap_dac_override,cap_audit_control --
# auditctl -l
Error sending rule list data request (Operation not permitted)
# echo $?
0

Actual results:
Returns 0 even if the operation is not permitted

Expected results:
Non-zero value if the operation is not permitted

Additional info:
# auditctl -D
Error sending rule list data request (Operation not permitted)
# echo $?
255
# auditctl -a exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending add rule data request (Operation not permitted)
# echo $?
255
# auditctl -d exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending delete rule data request (Operation not permitted)
# echo $?
255
Fixed in upstream commit: https://fedorahosted.org/audit/changeset/539
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
This was addressed in audit-2.1.3-1.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1739.html
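A fail-closed wrapper for monitoring or compliance scripts that may still run against the affected audit-2.1-5.el6 build described in this report (added example, not part of the bug report or the audit project's code). The names list_audit_rules and AUDITCTL and the two stub functions are hypothetical; the stubs are constructed stand-ins that replay the output quoted in the report.

```shell
#!/bin/sh
# Added example. AUDITCTL is a hypothetical override so the logic can be
# exercised with a stub instead of the real binary.
AUDITCTL="${AUDITCTL:-auditctl}"

# Print the rule list on stdout. Succeed only if the command exited 0 AND
# wrote no "Error sending" diagnostic to stderr, so a build that reports
# the failure only on stderr is still treated as a failure.
list_audit_rules() {
    errfile=$(mktemp) || return 2
    # "&& rc=0 || rc=$?" keeps a non-zero exit from aborting under set -e.
    out=$("$AUDITCTL" -l 2>"$errfile") && rc=0 || rc=$?
    err=$(cat "$errfile")
    rm -f "$errfile"

    if [ "$rc" -ne 0 ]; then
        # Fixed builds: propagate the real exit status.
        printf '%s\n' "$err" >&2
        return "$rc"
    fi
    case "$err" in
        *"Error sending"*)
            # Affected builds: exit status 0 but the request was refused.
            printf '%s\n' "$err" >&2
            return 1
            ;;
    esac
    printf '%s\n' "$out"
}

# Constructed stand-in: replays what the report shows for "auditctl -l"
# after cap_audit_control has been dropped (error on stderr, exit 0).
stub_affected_auditctl() {
    echo 'Error sending rule list data request (Operation not permitted)' >&2
    return 0
}

# Constructed stand-in for a successful listing with an empty rule set.
stub_working_auditctl() {
    echo 'No rules'
    return 0
}
```

A caller should treat any non-zero return as "rule list unknown" rather than "no rules loaded".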