hwclock's audit record does not have correct exit status #966
Comments
karelzak
added a commit
that referenced
this issue
Feb 27, 2020
According to audit_log_user_message(3) result 1 is "success" and 0 is
"failed", we use standard EXIT_{SUCCESS,FAILURE} macros with reverse
status.
Addresses: #966
Signed-off-by: Karel Zak <kzak@redhat.com>
|
Oh, good catch. Thanks! Fixed. |
karelzak
added a commit
that referenced
this issue
May 15, 2020
According to audit_log_user_message(3) result 1 is "success" and 0 is
"failed", we use standard EXIT_{SUCCESS,FAILURE} macros with reverse
status.
Addresses: #966
Signed-off-by: Karel Zak <kzak@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hwclock code uses EXIT_SUCCESS == 0 and EXIT_FAILURE == 1.
hwclock_exit() calls audit_log_user_message() and sometimes uses the exit status from a call as the status it passes to create the audit record.
The audit_log_user_message() manpage states that for the status or result, 1 is "success" and 0 is "failed"
So hwclock sends the opposite of what audit_log_user_message() expects for status.
Although the hwclock command was successful, the audit record's, "res" field has that it failed.
type=USYS_CONFIG msg=audit(1582729727.515:29021): pid=15698 uid=0 auid=1000 ses=347 msg_1='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'
hwclock needs to pass status as understood by audit_log_user_message().
The text was updated successfully, but these errors were encountered: