Ubuntu
audit package

auditctl in Precise 1204 uses syscall API deprecated since 2006, fails to work with kernels after 2013-04-30

Bug #1317188 reported by Roman Fiedler
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
audit (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
New
Undecided
Unassigned

Bug Description

It seems, that auditctl as packaged with Ubuntu Precise 1204 uses an old syscall API control to add rules:

#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */

The new value should be

#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */

The value is deprecated, the audit_netlink_ok function after 2013-04-30 will refuse to accept it, see commit [1]

Since the value is declared deprecated since 2006-03-20 (see [2]), it would be nice, that Ubuntu Precise would use the new syscall API, otherwise it cannot be used on kernels more than one year newer than the initial Precise release, which might be problematic with kernel development strategies, that are more dependent on trunk kernels, e.g. linux vserver virtualization. See [3]

# lsb_release -rd
Description: Ubuntu 12.04.4 LTS
Release: 12.04

# apt-cache policy auditd
auditd:
  Installed: 1.7.18-1ubuntu1
  Candidate: 1.7.18-1ubuntu1
  Version table:
 *** 1.7.18-1ubuntu1 0
        100 /var/lib/dpkg/status

[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18900909163758baf2152c9102b1a0953f7f1c30
[2] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93315ed6dd12dacfc941f9eb8ca0293aadf99793
[3] http://archives.linux-vserver.org/201405/0004.html

Laurent Bigonville (bigon)
Changed in audit (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.