[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Changed in: util-linux (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Tags removed: sts-sponsor-mfo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Changed in: util-linux (Debian) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Changed in: util-linux (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
This bug was fixed in the package util-linux - 2.31.1-0.4ubuntu3.6 --- util-linux (2.31.1-0.4ubuntu3.6) bionic; urgency=medium * d/p/hwclock_fix_audit_status.patch: reverse hwclock exit status so to match audit_log_user_message(3) semantics. (LP: #1865504) -- Joy Latten Thu, 05 Mar 2020 11:23:23 -0600 ** Changed in: util-linux (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
This bug was fixed in the package util-linux - 2.34-0.1ubuntu2.4 --- util-linux (2.34-0.1ubuntu2.4) eoan; urgency=medium * d/p/hwclock_fix_audit_status.patch: reverse hwclock exit status so to match audit_log_user_message(3) semantics. (LP: #1865504) -- Joy Latten Thu, 05 Mar 2020 11:23:23 -0600 ** Changed in: util-linux (Ubuntu Eoan) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Tags added: verification-done-eoan ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Successful verification on amd64 for bionic $ dpkg -l | grep util-linux ii util-linux2.31.1-0.4ubuntu3.6 amd64miscellaneous system utilities $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS" type=USYS_CONFIG msg=audit(1584464596.658:106): pid=13437 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname =bionic-fips addr=? terminal=pts/0 res=success' type=USYS_CONFIG msg=audit(1584464615.494:117): pid=13441 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname =bionic-fips addr=? terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
autopkgtests --- All test failures (except mysql-5.7 on bionic) were transient, and passed w/ one retry. The test failure for mysql-5.7/bionic is unrelated to this upload. Confirmed w/ a retry on -updates and -proposed. Both fail in the same way: mysql-5.7 [bionic/amd64] Version TriggersDateDurationRequester Result 5.7.29-0ubuntu0.18.04.1 util-linux/2.31.1-0.4ubuntu3.5 2020-03-17 11:02:44 UTC 0h 43m 09s mfo faillog artifacts ♻ 5.7.29-0ubuntu0.18.04.1 util-linux/2.31.1-0.4ubuntu3.6 2020-03-17 10:55:08 UTC 0h 35m 47s mfo faillog artifacts ♻ """ Completed: Failed 1/780 tests, 99.87% were successful. Failing test(s): main.events_1 """ The pending-sru page [1] is already up-to-date and shows only the msyql-5.7 (unrelated) failures. cheers, Mauricio [1] https://people.canonical.com/~ubuntu-archive/pending-sru.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Successful verification on amd64 for eaon $ dpkg -l | grep util-linux ii util-linux 2.34-0.1ubuntu2.4 amd64miscellaneous system utilities Audit records found in /var/log/audit/audit.log, type=USYS_CONFIG msg=audit(1584463433.533:68): pid=4263 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eaon- server addr=? terminal=pts/0 res=success' type=USYS_CONFIG msg=audit(1584463480.497:81): pid=4268 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eaon- server addr=? terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Hi Joy, Thanks for looking at those, I'm back from PTO and will take a look at clearing them out. Do you plan to verify bionic/eoan-proposed? I can do it as it's quick, but wanted to check w/ you first as you're the reporter. Thanks, Mauricio -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Mauricio, Thank you so much for handling. Much appreciated. I took a quick look at the above #15 and #16 and perhaps a retry may be beneficial... there were some timeouts... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Hello Joy, or anyone else affected, Accepted util-linux into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util- linux/2.34-0.1ubuntu2.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-eoan. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: util-linux (Ubuntu Eoan) Status: In Progress => Fix Committed ** Changed in: util-linux (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Tags added: sts-sponsor-mfo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Joy, Great work on the debdiff, specially on the DEP3 headers in the patch, and on the steps to reproduce, which are concise and clear. I slightly modified the changelog entry to include the d/p/file.patch path, and clarified its purpose. I also ran 'quilt refresh' to remove offsets when applying the patch. Attaching the debdiffs for reference. The version numbers are OK (not used in the archive) / followed rules, and ensure upgrade path across releases. The packages for Eoan and Bionic built successfully on all archs with debug symbols enabled (ppa:mfo/lp1865504). I have successfully tested the packages on Eoan and Bionic (pasting.) Having verified that util-linux is not in the upload queue for E/B nor have any SRU in progress in eoan/bionic-proposed; uploading it. cheers, Mauricio -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Patch added: "lp1865504_bionic_util-linux.debdiff" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5335834/+files/lp1865504_bionic_util-linux.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Test/Eoan: === $ lsb_release -cs eoan $ sudo apt update $ sudo apt install -y auditd Before: (audit.log has res=failed) --- $ dpkg -s util-linux | grep ^Version: Version: 2.34-0.1ubuntu2.3 $ sudo hwclock --set --date "1/1/2000 00:00:00" $ echo $? 0 $ sudo hwclock --utc --systohc $ echo $? 0 $ grep hwclock /var/log/audit/audit.log | tail -n2 type=USYS_CONFIG msg=audit(1583956148.236:82): pid=2380 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=failed' type=USYS_CONFIG msg=audit(1583956151.496:89): pid=2382 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=failed' After: (audit.log has res=success) --- $ sudo add-apt-repository ppa:mfo/lp1865504 $ sudo apt install -y util-linux $ dpkg -s util-linux | grep ^Version: Version: 2.34-0.1ubuntu2.4 $ sudo hwclock --set --date "1/1/2000 00:00:00" $ echo $? 0 $ sudo hwclock --utc --systohc $ echo $? 0 $ grep hwclock /var/log/audit/audit.log | tail -n2 type=USYS_CONFIG msg=audit(1583956232.963:108): pid=3432 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=success' type=USYS_CONFIG msg=audit(1583956238.499:115): pid=3434 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Patch added: "lp1865504_eoan_util-linux.debdiff" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5335833/+files/lp1865504_eoan_util-linux.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Test/Bionic: === $ lsb_release -cs bionic Before: (audit.log has res=failed) --- $ dpkg -s util-linux | grep ^Version: Version: 2.31.1-0.4ubuntu3.5 $ sudo hwclock --set --date "1/1/2000 00:00:00" $ echo $? 0 $ sudo hwclock --utc --systohc $ echo $? 0 $ grep hwclock /var/log/audit/audit.log | tail -n2 type=USYS_CONFIG msg=audit(1583956487.134:64): pid=3463 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=failed' type=USYS_CONFIG msg=audit(1583956490.498:70): pid=3465 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=failed' After: (audit.log has res=success) --- $ sudo add-apt-repository ppa:mfo/lp1865504 $ sudo apt install -y util-linux $ dpkg -s util-linux | grep ^Version: Version: 2.31.1-0.4ubuntu3.6 $ sudo hwclock --set --date "1/1/2000 00:00:00" $ echo $? 0 $ sudo hwclock --utc --systohc $ echo $? 0 $ grep hwclock /var/log/audit/audit.log | tail -n2 type=USYS_CONFIG msg=audit(1583956532.257:81): pid=3827 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=success' type=USYS_CONFIG msg=audit(1583956535.497:87): pid=3829 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=success' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Description changed:
- [IMPACT]
- hwclock reports incrorect status in audit message
+ [Impact]
- hwclock calls audit_log_user_message(3) to create an audit entry.
- audit_log_user_message(3) result 1 is "success" and 0 is
- "failed", hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse
- status. Thus reports it's status incorrectly in audit message.
+ hwclock reports incorrect status in audit message:
+ - hwclock calls audit_log_user_message(3) to create an audit entry.
+ - audit_log_user_message(3) result 1 is "success" and 0 is "failed".
+ - hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse status.
+ - Thus reports its status incorrectly in audit message.
It is a requirement for Common Criteria Certification that hwclock
reports correct status in audit message.
This has been fixed upstream in https://github.com/karelzak/util-
linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
- [TEST]
+ [Test Steps]
Steps to test:
1. Install auditd
2. Run following testcase,
# hwclock
2020-03-02 15:03:03.280351+
+
# hwclock --set --date "1/1/2000 00:00:00"
# echo $?
0
# hwclock
2000-01-01 00:00:05.413924+
+
# hwclock --utc --systohc
# echo $?
0
# hwclock
2020-03-02 15:07:00.264331+
Following audit messages from /var/log/audit/audit.log,
- type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips
addr=? terminal=pts/0 res=failed'
- type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips
addr=? terminal=pts/0 res=failed'
+ type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000
+ ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-
+ fips addr=? terminal=pts/0 res=failed'
+
+ type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000
+ ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-
+ fips addr=? terminal=pts/0 res=failed'
Note that last entry in each audit record produced when hardware clock
- was modified has, "res=failed". Although, testcase shows no failure
+ was modified has, "res=failed". Although, testcase shows no* failure
occurred.
[Regression Potential]
+
+ Changes limited to the result value passed to audit_log_user_message(3),
+ so the audit messages will change the 'res=' field (to correct result.)
+
There should not be any regression to fix the status given to auditd.
** Description changed:
[Impact]
hwclock reports incorrect status in audit message:
- hwclock calls audit_log_user_message(3) to create an audit entry.
- audit_log_user_message(3) result 1 is "success" and 0 is "failed".
- hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse status.
- Thus reports its status incorrectly in audit message.
It is a requirement for Common Criteria Certification that hwclock
reports correct status in audit message.
This has been fixed upstream in https://github.com/karelzak/util-
linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
[Test Steps]
Steps to test:
1. Install auditd
2. Run following testcase,
# hwclock
2020-03-02 15:03:03.280351+
# hwclock --set --date "1/1/2000 00:00:00"
# echo $?
0
# hwclock
2000-01-01 00:00:05.413924+
# hwclock --utc --systohc
# echo $?
0
# hwclock
2020-03-02 15:07:00.264331+
Following audit messages from /var/log/audit/audit.log,
+ Note that last field in each audit record produced when hardware clock
+ was modified has, "res=failed". Although, testcase shows no* failure
+ occurred.
+
type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-
fips addr=? terminal=pts/0 res=failed'
type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-
fips addr=? terminal=pts/0 res=failed'
- Note that last entry in each audit record produced when hardware clock
- was modified has, "res=failed". Although, testcase shows no* failure
- occurred.
-
[Regression Potential]
Changes limited to the result value passed to audit_log_user_message(3),
so the audit messages will change the 'res=' field (to correct result.)
There should not be any regression to fix the status given to auditd.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865504
Title:
hwclock reports incorrect status in audit message
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Working on the stable releases E/B as discussed w/ Marc on IRC. ** Changed in: util-linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: util-linux (Ubuntu Bionic) Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo) ** Changed in: util-linux (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: util-linux (Ubuntu Eoan) Status: New => In Progress ** Changed in: util-linux (Ubuntu Eoan) Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo) ** Changed in: util-linux (Ubuntu Eoan) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
This bug was fixed in the package util-linux - 2.34-0.1ubuntu8 --- util-linux (2.34-0.1ubuntu8) focal; urgency=medium * hwclock: fix audit exit status (LP: #1865504) -- Joy Latten Thu, 05 Mar 2020 11:23:23 -0600 ** Changed in: util-linux (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Hi Joy, Marc, Nice catch on this bug. I see the debdiff made focal-proposed just now; cool I'd be happy to review/sponsor for Eoan and Bionic, if you're OK with it. I currently have an SRU in eoan-proposed, which should be promoted next week, so I'm already keeping an eye out for when it's done/possible to upload again. If I may help w/ that, just let me know. cheers, Mauricio -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
ACK on the debdiff in comment #3. Uploaded to focal. Thanks! ** Changed in: util-linux (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Also affects: util-linux (Ubuntu Eoan) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Also affects: util-linux (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
The debdiff for focal ** Attachment removed: "debdiff for focal" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5333544/+files/debdiff.focal ** Attachment added: "debdiff.focal" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5333895/+files/debdiff.focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
Build log https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+build/18795481 ** Bug watch added: Debian Bug tracker #953065 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953065 ** Also affects: util-linux (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953065 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Attachment added: "debdiff for focal" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+attachment/5333544/+files/debdiff.focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865504 Title: hwclock reports incorrect status in audit message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865504] Re: hwclock reports incorrect status in audit message
** Description changed:
+ [IMPACT]
+ hwclock reports incrorect status in audit message
+
+ hwclock calls audit_log_user_message(3) to create an audit entry.
audit_log_user_message(3) result 1 is "success" and 0 is
"failed", hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse
- status. Thus reports status incorrectly in audit message. This has been fixed
upstream in
https://github.com/karelzak/util-linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
+ status. Thus reports it's status incorrectly in audit message.
+
+ It is a requirement for Common Criteria Certification that hwclock
+ reports correct status in audit message.
+
+ This has been fixed upstream in https://github.com/karelzak/util-
+ linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
+
+ [TEST]
+
+ Steps to test:
+ 1. Install auditd
+ 2. Run following testcase,
+
+ # hwclock
+ 2020-03-02 15:03:03.280351+
+ # hwclock --set --date "1/1/2000 00:00:00"
+ # echo $?
+ 0
+ # hwclock
+ 2000-01-01 00:00:05.413924+
+ # hwclock --utc --systohc
+ # echo $?
+ 0
+ # hwclock
+ 2020-03-02 15:07:00.264331+
+
+ Following audit messages from /var/log/audit/audit.log,
+
+ type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips
addr=? terminal=pts/0 res=failed'
+ type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips
addr=? terminal=pts/0 res=failed'
+
+ Note that last entry in each audit record produced when hardware clock
+ was modified has, "res=failed". Although, testcase shows no failure
+ occurred.
+
+ [Regression Potential]
+ There should not be any regression to fix the status given to auditd.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865504
Title:
hwclock reports incorrect status in audit message
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
