Public bug reported:
It seems, that auditctl as packaged with Ubuntu Precise 1204 uses an old
syscall API control to add rules:
#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
The new value should be
#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
The value is deprecated, the audit_netlink_ok function after 2013-04-30
will refuse to accept it, see commit [1]
Since the value is declared deprecated since 2006-03-20 (see [2]), it
would be nice, that Ubuntu Precise would use the new syscall API,
otherwise it cannot be used on kernels more than one year newer than the
initial Precise release, which might be problematic with kernel
development strategies, that are more dependent on trunk kernels, e.g.
linux vserver virtualization. See [3]
# lsb_release -rd
Description: Ubuntu 12.04.4 LTS
Release: 12.04
# apt-cache policy auditd
auditd:
Installed: 1.7.18-1ubuntu1
Candidate: 1.7.18-1ubuntu1
Version table:
*** 1.7.18-1ubuntu1 0
100 /var/lib/dpkg/status
[1]
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18900909163758baf2152c9102b1a0953f7f1c30
[2]
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93315ed6dd12dacfc941f9eb8ca0293aadf99793
[3] http://archives.linux-vserver.org/201405/0004.html
** Affects: audit (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1317188
Title:
auditctl in Precise 1204 uses syscall API deprecated since 2006, fails
to work with kernels after 2013-04-30
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1317188/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
