Overview
Request 1201646 declined
reinstate dir for /etc/audit
- Created by wfrisch
- In state declined
- Supersedes 1201545
- Open review for opensuse-review-team
-%dir %attr(750,root,root) %{_sysconfdir}/audit -%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d +%dir %attr(750,root,root) %{_sysconfdir}/audit/plugins.d
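Review bot: the first removed line drops the %dir entry for %{_sysconfdir}/audit while the package still lists %{_sysconfdir}/audit/plugins.d, so plugins.d ends up under a parent directory this package no longer owns, and the 750 root:root mode on /etc/audit is no longer declared here. Keep "%dir %attr(750,root,root) %{_sysconfdir}/audit" in this %files list, using the same %attr as any other package that also lists the directory.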
that means /etc/audit is no longer owned by audit? bad practice to create directories below a non-owned, non-system-owned directory
Hi dimstar, I reinstated %dir ... /etc/audit for the main audit package. Is it acceptable now?
https://build.opensuse.org/request/show/1201646
/etc/audit is now owned by the audit-rules subpackage:
+%dir %attr(750,root,root) %{_sysconfdir}/audit
Let me know if you think this (or introducing the audit-rules subpackage) should be a problem -- I thought it would cause more trouble, but on my (controlled/ideal) test environment all went well.
Hi Enzo, thanks for looking into it. I left your change and additionally added %dir %attr(750,root,root) %{_sysconfdir}/audit in the main audit package. This doesn't seem to be a problem. I can install all RPMs just fine.
Request History
wfrisch created request
reinstate dir for /etc/audit
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory set openSUSE:Factory:Staging:N as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:N"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:N"
licensedigger accepted review
ok
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:N"
anag+factory declined review
sr#1204507 has newer source and is from the same project
anag+factory declined request
sr#1204507 has newer source and is from the same project
can you please add a little more detail from the changes or at least a link to a changelog
currently there is only: + * Includes fixes since v3.1.1
Sure, let me know if this looks better so I can resubmit:
https://build.opensuse.org/package/rdiff/home:ematsumiya:branches:security/audit?linkrev=base&rev=4
yes, thanks. this does look a lot better!
There is still an issue in docker when building with this audit version:
audit-rules now owns it:
And that error didn't show up for me (e.g. here): https://build.opensuse.org/build/openSUSE:Factory:Staging:N/standard/x86_64/audit:audit-secondary/_log
So I don't know what docker could be doing differently, or what I could change in audit spec to make it compatible. If anyone has a hint, I'd appreciate it -- I'm having a really hard time dealing with these build issues.
Hi Enzo, This is not a build issue, this is a packaging issue in docker and sadly they're always going to happen because the scripts detecting them only run in Staging. The original issue is already fixed in https://build.opensuse.org/request/show/1201819 , a second upload is needed for the permissions.
Hi @ematsumiya
The docker problems were fixed, this is right now stuck waiting for you to update audit following the review comments above.
There are however some openQA tests failing because /var/log/audit/ doesn't exist, see https://openqa.opensuse.org/tests/4502810#step/journal_check/41 Is it expected that this directory doesn't exist anymore?
Uh I completely forgot to resubmit after Ruediger's ok.
/var/log/audit was supposed to still exist just fine -- it wasn't modified in any way in the spec file.
I'll check what's going on and then I can fix this as well, if needed, before resubmitting.
What I understand from https://openqa.opensuse.org/tests/4502810#step/journal_check/41 is that /var/log/audit (the directory) does exist as you can see from https://openqa.opensuse.org/tests/4502810#step/journal_check/37
However, it's empty, as auditd was probably never started and/or logged anything.
Can you double check those please? Or if you can point/teach me how I can reproduce this error, I can try it locally.
the directory is probably empty as installing audit results in no rules being present (audit-rules is not required) which means there is nothing to do for audit.
found a minor error in the spec files:
audit-rules.service has been moved out of the audit package, the post/postun script should no longer handle that service
Pushed fixes for your comments:
https://build.opensuse.org/package/rdiff/home:ematsumiya:branches:security/audit?linkrev=base&rev=5
You will need to create a new submission to factory - the SRs are pinned to the revision you originally pushed (allowing you to further work on a package while a submission is pending)