Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 224080 - LSPP: audit does not log obj label for mq_timedreceive/mq_timedsend
Summary: LSPP: audit does not log obj label for mq_timedreceive/mq_timedsend
Keywords:
Status: CLOSED DUPLICATE of bug 223919
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Eric Paris
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: RHEL5LSPPCertTracker
TreeView+ depends on / blocked
 
Reported: 2007-01-23 22:57 UTC by Amy Griffis
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-19 17:27:45 UTC


Attachments (Terms of Use)
Untested patch against lspp.63 kernel. (deleted)
2007-01-23 23:46 UTC, Amy Griffis
no flags Details | Diff

Description Amy Griffis 2007-01-23 22:57:59 UTC
Description of problem:

Audit does not log an obj label for the message queue for the mq_timedreceive
and mq_timedsend syscalls. Because MLS checks are performed for these
operations, audit must log the obj label in order to meet LSPP cert requirements.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. create a message queue with mq_open()
2. auditctl -a exit,always -S mq_timedsend
3. open the message queue with mq_open()
4. send a message via mq_timedsend()
  
Actual results:

type=SYSCALL msg=audit(1169592467.169:78417): arch=c000003e syscall=242
success=yes exit=0 a0=3 a1=4008f6 a2=b a3=1 items=0 ppid=3332 pid=29124 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
comm="do_mq_timedsend"
exe="/usr/local/eal4_testing/do_mq_timedsend"
subj=staff_u:lspp_test_r:lspp_harness_t:s15 key=(null)
type=MQ_SENDRECV msg=audit(1169592467.169:78417): mqdes=3 msg_len=11 msg_prio=1
abs_timeout_sec=0 abs_timeout_nsec=0

Expected results:

Expect some additional records, e.g.:

type=CWD msg=audit(1169592467.169:78417): cwd="/usr/local/eal4_testing"
type=PATH msg=audit(1169592467.169:78417): item=1 name=(null) inode=168458
dev=00:0d mode=0100700 ouid=0 ogid=0 rdev=00:00
obj=staff_u:object_r:lspp_test_generic_tmpfs_t:s15:c0.c1023

Additional info:

Comment 1 Amy Griffis 2007-01-23 23:46:56 UTC
Created attachment 146378 [details]
Untested patch against lspp.63 kernel.

Comment 2 Irina Boverman 2007-01-24 16:05:28 UTC
This is needed for LSPP certification.

Comment 3 Amy Griffis 2007-01-31 18:17:23 UTC
I've just had a conversation with our evaluator, and he clarified that this is
not needed for LSPP certification after all. Bug #223919 is still needed.

Comment 4 Irina Boverman 2007-02-02 20:08:30 UTC
I will remove it from the tracker (224041).

Comment 6 Steve Grubb 2007-02-02 20:26:29 UTC
Please leave this in the tracker and 5.1

Comment 7 Irina Boverman 2007-02-02 20:46:46 UTC
Ok, leaving it in the tracker and 5.1.

Comment 8 Irina Boverman 2007-02-14 20:53:41 UTC
per 2/12 discussion, Amy is reworking this patch and will make it available for
review shortly.

Comment 9 Eric Paris 2007-02-19 17:27:45 UTC
Since the patches for this and 223919 have been rolled together upstream I am
going to close this bug as a dup of 223919 and will add a notice there that the
testing footprint of 223919 should be made large enough to cover this as well.

*** This bug has been marked as a duplicate of 223919 ***


Note You need to log in before you can comment on or make changes to this bug.