Bug 709345 - /sbin/auditctl -l returns 0 even if it fails due to dropped capabilities
/sbin/auditctl -l returns 0 even if it fails due to dropped capabilities
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: audit (Show other bugs)
6.1
All Linux
medium Severity medium
: rc
: ---
Assigned To: Steve Grubb
Ondrej Moriš
:
Depends On:
Blocks: RHEL62CCC 730904 846801 846802
  Show dependency treegraph
 
Reported: 2011-05-31 08:47 EDT by Eduard Benes
Modified: 2012-08-08 14:29 EDT (History)
2 users (show)

See Also:
Fixed In Version: audit-2.1.3-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-06 13:20:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Eduard Benes 2011-05-31 08:47:14 EDT
Description of problem:
auditctl -l returns 0 even if it fails due to dropperd capabilities.

Version-Release number of selected component (if applicable):
audit-2.1-5.el6

How reproducible:
always

Steps to Reproduce:
# capsh --drop=cap_dac_override,cap_audit_control --
# auditctl -l 
Error sending rule list data request (Operation not permitted)
# echo $?
0
  
Actual results:
Returns 0 even if the operation is not permitted

Expected results:
Non-zero value if the operation is not permitted

Additional info:
# auditctl -D
Error sending rule list data request (Operation not permitted)
# echo $?
255
# auditctl -a exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending add rule data request (Operation not permitted)
# echo $?
255
# auditctl -d exit,always -F subj_clr=s0:c36,c446
Error sending status request (Operation not permitted)
Error sending delete rule data request (Operation not permitted)
# echo $?
255
Comment 1 Steve Grubb 2011-06-01 14:25:35 EDT
Fixed in upstream commit:
https://fedorahosted.org/audit/changeset/539
Comment 4 RHEL Product and Program Management 2011-08-04 16:30:08 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 5 Steve Grubb 2011-08-15 16:50:41 EDT
This was addressed in audit-2.1.3-1.el6
Comment 9 errata-xmlrpc 2011-12-06 13:20:08 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1739.html

Note You need to log in before you can comment on or make changes to this bug.