When trying to use auditctl under mga5 it fails like so:

$ auditctl -w /tmp
Error sending add rule data request (Invalid argument)

Seems CONFIG_AUDITSYSCALL is not enabled anymore for the newer kernels:

$ zgrep CONFIG_AUDITSYSCALL /proc/config.gz
# CONFIG_AUDITSYSCALL is not set

Kernel used:

$ uname -r
4.1.15-desktop-2.mga5
@Thomas: Is there any particular reason why CONFIG_AUDITSYSCALL is disabled?
CC: (none) => doktor5000
Assignee: bugsquad => tmb
IIRC it was disabled to fix CVE-2014-3917:
https://bugs.mageia.org/show_bug.cgi?id=13487
https://fedorahosted.org/fesco/ticket/1311
http://seclists.org/oss-sec/2014/q2/377
Mass-reassigning all bugs with "kernel" in the summary that are still assigned to tmb (or wrongly assigned to someone with "tmb" in his e-mail address) to the kernel packagers group, but without adding "kernel" to the SRPM field. Please reassign if needed, or add kernel to the SRPM field if this is correct.
Assignee: tmb => kernel
Closing this, see comment 2 and the linked bug 13487

> kernel/auditsc.c in the Linux kernel through 3.14.5, when
> CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
> users to obtain potentially sensitive single-bit values from kernel memory
> or cause a denial of service (OOPS) via a large value of a syscall number.
> (CVE-2014-3917)

> As CONFIG_SYSCALL also has other potential security issues, it has been
> disabled in order to protect installed Mageia systems.
Status: NEW => RESOLVED
Resolution: (none) => WONTFIX
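
The check from the original report, written out as an added example (not part of the bug thread and not Mageia's own tooling): it reads a kernel config and tells apart "option set", "explicitly not set" and "option absent" for CONFIG_AUDIT and CONFIG_AUDITSYSCALL. The function names, the /boot/config-$(uname -r) fallback path and the sample config text are assumptions made for this example; the sample is constructed to mirror the state shown in the report.

```shell
#!/bin/sh
# Added example: classify the audit-related kernel config options.

# Constructed sample mirroring the report (CONFIG_AUDIT=y is an assumption).
SAMPLE_MGA5='CONFIG_AUDIT=y
# CONFIG_AUDITSYSCALL is not set'

# Print the running kernel's config; returns 1 if none can be found.
# The /boot path is a common distribution convention, assumed here.
running_kconfig() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# kconfig_state OPTION < config-text
# Prints one of: enabled | module | disabled | absent | value:<v>
kconfig_state() {
    awk -v opt="$1" '
        $0 ~ ("^" opt "=")             { sub("^" opt "=", ""); v = $0; found = 1 }
        $0 == ("# " opt " is not set") { v = "n"; found = 1 }
        END {
            if (!found)        print "absent"
            else if (v == "y") print "enabled"
            else if (v == "m") print "module"
            else if (v == "n") print "disabled"
            else               print "value:" v
        }'
}

# Reads config text on stdin and prints what kind of audit rules to expect:
#   no-audit          CONFIG_AUDIT is not built in
#   no-syscall-audit  the state the report found behind the auditctl -w error
#   syscall-audit     CONFIG_AUDIT and CONFIG_AUDITSYSCALL are both enabled
audit_rule_support() {
    cfg=$(cat)
    audit=$(printf '%s\n' "$cfg" | kconfig_state CONFIG_AUDIT)
    sysc=$(printf '%s\n' "$cfg" | kconfig_state CONFIG_AUDITSYSCALL)
    if [ "$audit" != enabled ]; then echo "no-audit"
    elif [ "$sysc" != enabled ]; then echo "no-syscall-audit"
    else echo "syscall-audit"
    fi
}

printf '%s\n' "$SAMPLE_MGA5" | audit_rule_support
```

On a live system, pipe running_kconfig into audit_rule_support instead of the sample, and treat a non-zero return from running_kconfig as "config not available" rather than as a result.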