Accepting request 240711 from home:jones_tony:branches:security

OBS-URL: https://build.opensuse.org/request/show/240711 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=68
2014-07-11 21:01:21 +00:00 · 2014-07-11 21:01:21 +00:00 · 0251e93f2b
commit 0251e93f2b
parent 27566ad836
3 changed files with 48 additions and 0 deletions
--- a/audit-ausearch-do-not-require-tclass.patch
+++ b/audit-ausearch-do-not-require-tclass.patch
@ -0,0 +1,39 @@
+From: William Preston <wpreston@suse.com>
+Subject: ausearch is looking for the "tclass" field in the entries, which doesn't make sense for apparmor.
+References: bnc#878687
+References: https://www.redhat.com/archives/linux-audit/2014-May/msg00094.html https://www.redhat.com/archives/linux-audit/2014-June/msg00001.html
+Upstream: never
+Signed-off-by: Tony Jones <tonyj@suse.de>
+
+---
+ src/ausearch-parse.c |   18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
+@@ -1735,17 +1735,15 @@ static int parse_avc(const lnode *n, sea
+ 
+ 	// Now get the class...its at the end, so we do things different
+ 	str = strstr(term, "tclass=");
+-	if (str == NULL) {
+-		rc = 9;
+-		goto err;
+	if (str) {
+		str += 7;
+		term = strchr(str, ' ');
+		if (term)
+			*term = 0;
+		an.avc_class = strdup(str);
+		if (term)
+			*term = ' ';
+ 	}
+-	str += 7;
+-	term = strchr(str, ' ');
+-	if (term)
+-		*term = 0;
+-	an.avc_class = strdup(str);
+-	if (term)
+-		*term = ' ';
+ 
+ 	if (audit_avc_init(s) == 0) {
+ 		alist_append(s->avc, &an);
--- a/audit-secondary.changes
+++ b/audit-secondary.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jul 10 06:21:55 UTC 2014 - tonyj@suse.com
+
+- Do not require tclass field to be present when searching for AVC
+  records (bnc#878687)
+  add patch: audit-ausearch-do-not-require-tclass.patch
+
 -------------------------------------------------------------------
 Tue Apr 15 00:52:16 UTC 2014 - tonyj@suse.com

--- a/audit-secondary.spec
+++ b/audit-secondary.spec
@ -38,6 +38,7 @@ Patch1:         audit-plugins-path.patch
 Patch2:         audit-no-gss.patch
 Patch3:         audit-no_m4_dir.patch
 Patch4:         audit-allow-manual-stop.patch
+Patch5:         audit-ausearch-do-not-require-tclass.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
@ -94,6 +95,7 @@ rm -rf audisp/plugins/prelude
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1

 %build
 autoreconf -fi