kernel-packages team mailing list archive

[Brad Figg <brad.figg@xxxxxxxxxxxxx>]

This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:

apport-collect 1158500

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1158500

Title:
  auditd fails to add rules when used in precise with -lts-quantal
  kernel

Status in “audit” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  auditctl fails to add rules when run with the -lts-quantal kernel

  Eample:
  # auditctl -l
  No rules
  # auditctl -a entry,always -F arch=b64 -S execve -k exec
  Error sending add rule data request (Invalid argument)
  #

  Looks like the syscall table needs updating, it works with the 3.2.0
  kernel.

  Tagging this as a security vulnerability because it fails fairly
  quietly and may lead to high security systems not having required
  auditing (like PCI compliant systems), I only noticed by looking in
  /var/log/boot.log.

  Description:	Ubuntu 12.04.2 LTS
  Release:	12.04

  ii  auditd                             1.7.18-1ubuntu1                    User space tools for security auditing
  ii  linux-image-generic-lts-quantal    3.5.0.26.33                        Generic Linux kernel image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions