Bug#334445: marked as done (kernel-image-2.6.12-1-686: auditd not packaged for debian, kernel headers don't support required interfaces)
Your message dated Thu, 20 Oct 2005 15:45:22 +0900
with message-id <20051020064521.GE28032@verge.net.au>
and subject line Bug#334445: kernel-image-2.6.12-1-686: auditd not packaged for debian, kernel headers don't support required interfaces
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Oct 2005 22:22:16 +0000
>From lkcl@lkcl.net Mon Oct 17 15:22:16 2005
Return-path: <lkcl@lkcl.net>
Received: from free.hands.com [83.142.228.128]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1ERdN2-0002wL-00; Mon, 17 Oct 2005 15:22:16 -0700
Received: from lkcl.net (bb-87-82-0-122.ukonline.co.uk [87.82.0.122])
by free.hands.com (Postfix) with ESMTP id 1DF25C006
for <submit@bugs.debian.org>; Mon, 17 Oct 2005 23:22:03 +0100 (BST)
Received: from lkcl by lkcl.net with local (Exim 4.24)
id 1ERdMo-0004Gk-CF; Mon, 17 Oct 2005 23:22:02 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-image-2.6.12-1-686: auditd not packaged for debian,
kernel headers don't support required interfaces
X-Mailer: reportbug 2.39
Date: Mon, 17 Oct 2005 23:22:02 +0100
Message-Id: <[🔎] E1ERdMo-0004Gk-CF@lkcl.net>
X-hands-com-MailScanner: Found to be clean
X-MailScanner-From: lkcl@lkcl.net
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: kernel-image-2.6.12-1-686
Severity: normal
on selinux mailing list, copy of message from russell coker:
On Tuesday 18 October 2005 02:39, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > (In or out of enforcing mode). What's the best way for me to get
> > the kernel to log the appropriate messages somewhere?
>
> In 2.6, SELinux was converted over to using the native kernel audit
> subsystem for logging its denials. So:
> - Does your kernel have auditing enabled (CONFIG_AUDIT=y)? If not, time
> to rebuild your kernel.
The Debian kernel binary packages are built with SE Linux enabled but auditing
disabled. I have sent several messages to the relevant people about this
matter and had no positive response. Several 2.6.x kernels have been
released in this state.
> - Are you running auditd? If so, look in /var/log/audit/audit.log or
> wherever /etc/auditd.conf directs audit messages. If not, look
> in /var/log/messages or wherever /etc/syslog.conf directs kern.warn
> messages.
auditd is not yet packaged for Debian. The first person to volunteer gave up
because it was too difficult. I gave it a go but found that the kernel
headers packaged with Debian did not support the interfaces needed by auditd
(this was my impression at the time and I'm going from memory - this
statement may not be entirely correct). When I get back from AUUG2005 I'll
give it another go.
Incidentally being able to build from the standard headers is a requirement
for Debian. All Debian packages get automatically built for architectures
other than the one used for the initial build, so the headers in question
need to be installed in all build machines. I could hack the compile process
for i386 but not for all the rest (I tried it before in the old-selinux days
and it wasn't fun).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.12-1-686 #1 Wed Jul 20 22:07:17 UTC 2005 i686
Locale: LANG=C, LC_CTYPE=C
---------------------------------------
Received: (at 334445-done) by bugs.debian.org; 20 Oct 2005 07:48:13 +0000
>From horms@koto.vergenet.net Thu Oct 20 00:48:12 2005
Return-path: <horms@koto.vergenet.net>
Received: from koto.vergenet.net [210.128.90.7]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1ESV9o-0000dr-00; Thu, 20 Oct 2005 00:48:12 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
id 091343403A; Thu, 20 Oct 2005 16:47:41 +0900 (JST)
Date: Thu, 20 Oct 2005 15:45:22 +0900
From: Horms <horms@debian.org>
To: Luke Kenneth Casson Leighton <lkcl@lkcl.net>,
334445-done@bugs.debian.org
Subject: Re: Bug#334445: kernel-image-2.6.12-1-686: auditd not packaged for debian, kernel headers don't support required interfaces
Message-ID: <20051020064521.GE28032@verge.net.au>
References: <[🔎] E1ERdMo-0004Gk-CF@lkcl.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[🔎] E1ERdMo-0004Gk-CF@lkcl.net>
X-Cluestick: seven
User-Agent: Mutt/1.5.11
Delivered-To: 334445-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
On Mon, Oct 17, 2005 at 11:22:02PM +0100, Luke Kenneth Casson Leighton wrote:
> Package: kernel-image-2.6.12-1-686
> Severity: normal
>
>
> on selinux mailing list, copy of message from russell coker:
>
> On Tuesday 18 October 2005 02:39, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > (In or out of enforcing mode). What's the best way for me to get
> > > the kernel to log the appropriate messages somewhere?
> >
> > In 2.6, SELinux was converted over to using the native kernel audit
> > subsystem for logging its denials. So:
> > - Does your kernel have auditing enabled (CONFIG_AUDIT=y)? If not, time
> > to rebuild your kernel.
>
> The Debian kernel binary packages are built with SE Linux enabled but auditing
> disabled. I have sent several messages to the relevant people about this
> matter and had no positive response. Several 2.6.x kernels have been
> released in this state.
Hi Luke,
This recently came up as #333834 and quite contrary to the above
statement, the response has been positive. The option has been enabled
as of 2.6.13 which is in experimental. And as soon as that or something
newer stabalises enough to go into sid, it will be there too. Hopefully
this will be real soon now. And it will without any doubt occur long
before Etch (that was asked in #333834).
http://bugs.debian.org/333834
One thing that came to mind when dealing with 333834, was who to ask on
the selinux side to ask. I thought of you, and I thought of Russell, but
I wasn't sure. In any case, other than an FYI, there didn't seem to be
a whole lot to discuss.
If you could provide a contact that would be great. The upstream mailing
list is fine, if you think that is appropriate. Or alternatively, should
I just CC you? I looked for a debian-selinux list, but couldn't find
one. I didn't look very hard, so I could have easily missed it.
I am closing this bug, as it is a duplucate of #333834. If you would
prefer it to be oppened and merged, please feel free to send the
relevant commands to control@bugs.debian.org
--
Horms
Reply to: