[Pkg-utopia-maintainers] Bug#727771: dbus: Please enable audit support

Laurent Bigonville bigon at debian.org
Sun Oct 27 16:33:09 UTC 2013


On Sat, 26 Oct 2013 22:39:49 +0100,
Simon McVittie <smcv at debian.org> wrote:

> On 26/10/13 16:27, Laurent Bigonville wrote:
> > It would be nice if audit support was enabled during build.
> > 
> > This allows the AVC denials to also be logged by the audit
> > subsystem.
> > 
> > This would add a dependency against libaudit and libcap-ng
> 
> I see you intend to take over maintenance of libaudit. In your
> opinion, are libaudit and libcap-ng generally reasonably bug-free,
> and of a quality that you would be OK with linking into, for
> instance, pid 1?
> 
> (AFAICS it's only dbus-daemon that gets linked to libaudit and
> libcap-ng, not libdbus; but on systems that rely on D-Bus for
> networking via NetworkManager/etc. or administrative tasks via
> systemd/PolicyKit/UPower/ConsoleKit/etc., dbus-daemon needs to be
> almost as reliable as pid 1.)

Since I took over the maintenance of audit in Debian (not a long time
ago, I should say) I haven't seen any critical bug related to audit. I
think that the developers are trying to be cautious; the audit subsystem
is subject to some government standard, I think.

And btw, systemd itself depends on libaudit.

I don't think that enabling the auditing code in dbus should cause
issues.

> 
> I want to be reasonably conservative about dbus-daemon's dependencies,
> particularly given that nobody active in dbus upstream (even the Red
> Hat/Fedora people...) seems to be willing to say anything
> authoritative about SELinux - e.g. see
> <https://bugs.freedesktop.org/show_bug.cgi?id=49062>.

I've added a comment on this bug; I'm wondering whether the patch has
broken the auditing code in dbus.

I'm still investigating.

> If we only call into libaudit on SELinux and not on non-LSM systems,
> that would make me feel better about it (I'd have to check the code).
> Enabling it first in experimental, then in unstable later, would
> probably be a good move.

audit_open() and audit_close() seem to be called in all cases, even
if SELinux is not enabled on the machine. But note that audit could
also be used for other things, like logging a bus permission/policy
violation.

my 2¢

Laurent Bigonville
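
What the audit-logged D-Bus denials discussed in this thread look like on the receiving end, as an added example that is not part of the original mail or of the dbus package: a small parser that pulls dbus-daemon USER_AVC records (the AVC denials and bus policy violations mentioned above) out of audit.log text. The sample records are constructed for illustration and follow the general shape of USER_AVC lines; field names in a real log may vary with the dbus and audit versions in use.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample audit.log content (not taken from any real system):
# two USER_AVC records emitted by dbus-daemon and one unrelated SYSCALL record.
SAMPLE_AUDIT_LOG = """\
type=USER_AVC msg=audit(1382886000.123:456): pid=1234 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for  msgtype=method_call interface=org.freedesktop.NetworkManager member=Enable dest=org.freedesktop.NetworkManager spid=2345 tpid=987 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'
type=SYSCALL msg=audit(1382886000.200:457): arch=c000003e syscall=2 success=yes exit=3 pid=1 comm="systemd"
type=USER_AVC msg=audit(1382886001.001:458): pid=1234 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { acquire_svc } for  service=org.example.Rogue spid=3456 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rogue_dbusd_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'
"""

# Outer record: timestamp, serial, verdict and the permission set in braces;
# everything after "for" is a run of key=value fields (some values quoted).
USER_AVC_RE = re.compile(
    r"^type=USER_AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): .*?"
    r"msg='avc:\s+(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<body>.*?)'$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class DbusAvc:
    timestamp: float
    serial: int
    verdict: str           # "denied" or "granted"
    permissions: tuple     # e.g. ("send_msg",) or ("acquire_svc",)
    fields: dict           # scontext, tcontext, tclass, interface, member, ...


def parse_user_avc(line: str) -> Optional[DbusAvc]:
    """Return a DbusAvc for a USER_AVC line, or None for any other record."""
    m = USER_AVC_RE.match(line.rstrip("\n"))
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("body"))}
    return DbusAvc(float(m.group("ts")), int(m.group("serial")),
                   m.group("verdict"), tuple(m.group("perms").split()), fields)


def dbus_denials(log_text: str) -> list:
    """All denied USER_AVC records whose object class is the D-Bus class."""
    found = []
    for line in log_text.splitlines():
        rec = parse_user_avc(line)
        if rec and rec.verdict == "denied" and rec.fields.get("tclass") == "dbus":
            found.append(rec)
    return found
```

Feeding a real audit.log through dbus_denials() gives the per-context, per-interface view of bus policy violations that plain syslog output of dbus-daemon does not provide.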
