[Bug 1722313] Re: Enable auditing in util-linux.
Joy Latten
joy.latten at canonical.com
Fri Feb 9 20:46:04 UTC 2018
Summary of analysis of the autopkgtest failures listed for this SRU in
http://people.canonical.com/~ubuntu-archive/pending-sru.html
For Artful regressions:
1. dpdk (s390x), ocfs2-tools (s390x), lxcfs (s390x), ori (s390x), network-manager (s390x), lxd (s390x)
These all have failing testcases that were skipped in the prior version of util-linux. The same reason stated in comment #21 above may be applicable here as well.
2. network-manager (ppc64el) - has had 2 runs. In one run, test_wpa1_ip4
fails and test_rfkill passes. In the other run, test_wpa1_ip4 passes and
test_rfkill fails. A timeout results in the failure. It seems the testcases do
pass for this version of util-linux but are maybe sensitive to the current
workload...
3. gnocchi (all platforms) - further investigating.
4. libdata-uuid-libuuid-perl (s390x) - might be due to the change in test
environment, such as #1.
5. tracker (arm64) - further investigation. No prior run to compare with.
6. nplan (arm64) - further investigation. No prior run to compare with.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1722313
Title:
Enable auditing in util-linux.
Status in util-linux package in Ubuntu:
Fix Released
Status in util-linux source package in Xenial:
Fix Committed
Status in util-linux source package in Zesty:
Fix Committed
Status in util-linux source package in Artful:
Fix Committed
Status in util-linux package in Debian:
New
Bug description:
[IMPACT]
Enable auditing in util-linux. The config option --with-audit enables auditing.
Only the hwclock and the login commands within the util-linux package have
source code for auditing. But that source code is disabled by default
and requires the config option --with-audit to enable it. The login
command is neither built nor shipped in util-linux. Ubuntu uses the login
command from shadow instead. Thus, only the hwclock command would be
affected by this change.
The change would enable the hwclock command to generate an audit log
message to /var/log/audit/audit.log whenever it changes the hardware
clock. This message will only get logged to /var/log/audit/audit.log
if the auditd daemon is running. Otherwise, if auditd is not running,
like most log messages, it will get logged to /var/log/kern.log and/or
/var/log/syslog if these services are enabled.
That hwclock generates an audit message when the hardware clock is
changed is a requirement for Common Criteria EAL2 certification for
Xenial.
[TEST]
This has been tested on both P8 and amd64 architectures. With the
patch all the Common Criteria testcases pass for hwclock. Before this
patch, the functional part of the testcase passed, but the check for
the triggered audit records would fail. Attached the Common Criteria
testcase below.
Also, the util-linux package has testcases that get run during the
build. All of these pass. Pointer to build log below.
[REGRESSION POTENTIAL]
The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when the system hardware clock is altered.