auditctl in Precise 1204 uses syscall API deprecated since 2006, fails to work with kernels after 2013-04-30
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
audit (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
New
|
Undecided
|
Unassigned |
Bug Description
It seems, that auditctl as packaged with Ubuntu Precise 1204 uses an old syscall API control to add rules:
#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
The new value should be
#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
The value is deprecated, the audit_netlink_ok function after 2013-04-30 will refuse to accept it, see commit [1]
Since the value is declared deprecated since 2006-03-20 (see [2]), it would be nice, that Ubuntu Precise would use the new syscall API, otherwise it cannot be used on kernels more than one year newer than the initial Precise release, which might be problematic with kernel development strategies, that are more dependent on trunk kernels, e.g. linux vserver virtualization. See [3]
# lsb_release -rd
Description: Ubuntu 12.04.4 LTS
Release: 12.04
# apt-cache policy auditd
auditd:
Installed: 1.7.18-1ubuntu1
Candidate: 1.7.18-1ubuntu1
Version table:
*** 1.7.18-1ubuntu1 0
100 /var/lib/
[1] http://
[2] http://
[3] http://
Changed in audit (Ubuntu): | |
status: | New → Fix Released |