Enable auditing in util-linux.

Bug #1722313 reported by Joy Latten
Affects | Status | Importance | Assigned to | Milestone
util-linux (Debian) | Fix Released | Unknown | |
util-linux (Ubuntu) | Fix Released | Medium | Joy Latten |
Xenial | Fix Released | Medium | Unassigned |
Zesty | Fix Committed | Medium | Unassigned |
Artful | Fix Released | Medium | Unassigned |

Bug Description

[IMPACT]
Enable auditing in util-linux. The config option, --with-audit enables auditing.

Only the hwclock and the login commands within util-linux package have source code for auditing. But that source code is disabled by default and requires the config option, --with-audit to enable it. The login command is not built nor shipped in util-linux. Ubuntu uses the login command from shadow instead. Thus, only hwclock command would be affected by this change.

The change would enable the hwclock command to generate an audit log message to /var/log/audit/audit.log whenever it changes the hardware clock. This message will only get logged to /var/log/audit/audit.log, if auditd daemon is running. Otherwise, if the auditd is not running, like most log messages, it will get logged to /var/log/kern.log and|or /var/log/syslog if these services are enabled.

That the hwclock generates an audit message when hardware clock is changed is a requirement for Common Criteria EAL2 certification for Xenial.

[TEST]

This has been tested on both P8 and amd64 architectures. With the patch all the Common Criteria testcases pass for hwclock. Before this patch, the functional part of the testcase passed, but the check for the triggered audit records would fail. Attached the Common Criteria testcase below.

Also, the util-linux package has testcases that get run during the build. All of these pass. Pointer to build log below.

[REGRESSION POTENTIAL]
The regression potential for this should be small. This change does not take away from any current functionality. It just adds the ability to generate an audit entry when system hardware clock is altered.

Joy Latten (j-latten)
summary: - Add "--with-audit" config option so that the hwclock command creates
- audit records when it is used to alter the hardware clock.
+ [SRU][xenial] Add "--with-audit" config option so that the hwclock
+ command creates an audit record when the hardware clock is altered.
Joy Latten (j-latten) wrote : Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.
description: updated
Joy Latten (j-latten) wrote :
Joy Latten (j-latten) wrote :
Joy Latten (j-latten) wrote :

Comment #3 should have read "Common Criteria EAL2 hwclock testcase".

description: updated
Joy Latten (j-latten)
summary: - [SRU][xenial] Add "--with-audit" config option so that the hwclock
- command creates an audit record when the hardware clock is altered.
+ [SRU][xenial] Enable auditing in util-linux.
Joy Latten (j-latten)
description: updated
tags: added: rls-aa-notfixing
Changed in util-linux (Debian):
status: Unknown → New
Joy Latten (j-latten) wrote : Re: [SRU][xenial] Enable auditing in util-linux.
Joy Latten (j-latten) wrote :
Joy Latten (j-latten) wrote :
Joy Latten (j-latten) wrote :

Build logs and test runs can be found in PPA at, https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+packages

Please note, the versioning of the packages is incorrect in PPA, my apologies. I did them correctly in the debdiff for each release that I have attached.

Comment #3 just contains the testcase I use to verify that the audit entry is created when the config option is enabled.

Joy Latten (j-latten)
Changed in util-linux (Ubuntu):
status: New → In Progress
Eric Desrochers (slashd)
Changed in util-linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in util-linux (Ubuntu):
importance: Undecided → Medium
Changed in util-linux (Ubuntu Zesty):
importance: Undecided → Medium
Changed in util-linux (Ubuntu Artful):
importance: Undecided → Medium
Eric Desrochers (slashd)
Changed in util-linux (Ubuntu):
assignee: nobody → Joy Latten (j-latten)
Joy Latten (j-latten) wrote :
Joy Latten (j-latten) wrote :

I have also submitted a patch against recent debian version of this package to Debian. Just in case, I also noted in the debian bug thread the following:

- util-linux package is Priority: required and the libaudit1 package is
Priority: optional.

Possibly this is no longer a problem in reference to a change in Version
4.0.1 listed here,
https://www.debian.org/doc/packaging-manuals/upgrading-checklist.txt

Joy Latten (j-latten)
summary: - [SRU][xenial] Enable auditing in util-linux.
+ Enable auditing in util-linux.
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs, uploaded for processing by the SRU team with a couple of minor changelog changes: added bug number, fixed versioning.

Thanks!

Changed in util-linux (Ubuntu Xenial):
status: New → In Progress
Changed in util-linux (Ubuntu Zesty):
status: New → In Progress
Changed in util-linux (Ubuntu Artful):
status: New → In Progress
Changed in util-linux (Ubuntu):
status: In Progress → Fix Released
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Joy, or anyone else affected,

Accepted util-linux into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util-linux/2.30.1-0ubuntu4.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in util-linux (Ubuntu Artful):
status: In Progress → Fix Committed
Joy Latten (j-latten) wrote :

Generated an artful VM and verified that this is fixed in artful.

ubuntu@artfulguest:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="17.10 (Artful Aardvark)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.10"
VERSION_ID="17.10"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=artful
UBUNTU_CODENAME=artful

Altered the hwclock via: sudo hwclock --set --date "1/1/2000 00:00:00"

received following audit log message in appropriate log files when applicable.
type=USER_CMD msg=audit(1511896792.291:29): pid=3008 uid=1000 auid=1000 ses=2 msg='cwd="/home/ubuntu" cmd="hwclock" terminal=pts/0 res=success'

Joy Latten (j-latten) wrote :

Sorry, comment #13 had a cut-and-paste issue.

log message is,
type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? terminal=pts/0 res=success'

Joy Latten (j-latten) wrote :

version of package verified on artful,

ubuntu@artfulguest:~$ dpkg -l | grep util-linux
ii util-linux 2.30.1-0ubuntu4.1 amd64 miscellaneous system utilities

Joy Latten (j-latten)
tags: added: verification-done-artful
Brian Murray (brian-murray) wrote :

Hello Joy, or anyone else affected,

Accepted util-linux into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util-linux/2.27.1-6ubuntu3.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in util-linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in util-linux (Ubuntu Zesty):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Joy, or anyone else affected,

Accepted util-linux into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util-linux/2.29-1ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Joy Latten (j-latten) wrote :

Verified on xenial on a P8 and a z13 zlpar.

From P8:
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

$ uname -a
Linux xxxx 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:53:44 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux

$ dpkg -l | grep util-linux
ii util-linux 2.27.1-6ubuntu3.4 ppc64el miscellaneous system utilities

resulting log message, after altering system clock,

type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000 ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'

--------------------

Test on z-13 zlpar,

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

uname -a
Linux xxxx 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:35:14 UTC 2017 s390x s390x s390x GNU/Linux

ubuntu@s1lp12:~$ dpkg -l | grep util-linux
ii util-linux 2.27.1-6ubuntu3.4 s390x miscellaneous system utilities

$ /usr/bin/sudo hwclock --set --date "1/1/2000 00:00:00"
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access method.

This is correct behaviour since zlpar cannot access the hw clock and is consistent with prior versions.

message logged indicates the failure,
type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'

tags: added: verification-done-xenial
description: updated
Joy Latten (j-latten) wrote :

verified successfully in amd64 VM for zesty.

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="17.04 (Zesty Zapus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 17.04"
VERSION_ID="17.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=zesty
UBUNTU_CODENAME=zesty

$ dpkg -l | grep util-linux
ii util-linux 2.29-1ubuntu2.2 amd64 miscellaneous system utilities

$ uname -a
Linux zestyguest 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

message logged after altering hardware clock,

type=USYS_CONFIG msg=audit(1512158548.257:24): pid=3081 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'

tags: added: verification-done-zesty
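
A parser for the audit records quoted in the verification comments above, added here as an example and not part of the original thread or of util-linux. It picks out hwclock clock-change events in both message forms shown (the free-text "changing system time" from the xenial package and op=change-system-time from the zesty and artful packages) and reports whether each succeeded; the function names and returned fields are assumptions of this example.

```python
import re

# Audit records quoted in this bug's verification comments, used as sample
# input: one sudo USER_CMD record, then artful, xenial P8, xenial s390x, zesty.
SAMPLE_LOG = """\
type=USER_CMD msg=audit(1511896792.291:29): pid=3008 uid=1000 auid=1000 ses=2 msg='cwd="/home/ubuntu" cmd="hwclock" terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1512153890.632:29): pid=26156 uid=0 auid=1000 ses=998 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1512154473.517:12321): pid=84471 uid=0 auid=1000 ses=1134 msg='changing system time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/1 res=failed'
type=USYS_CONFIG msg=audit(1512158548.257:24): pid=3081 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=? addr=? terminal=pts/0 res=success'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Return (type, epoch, serial, fields, inner_text) or None if not a record."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec_type, epoch, serial, rest = m.groups()
    # User-space records carry their own payload in a single-quoted msg='...'.
    outer, _, inner = rest.partition(" msg='")
    inner = inner.rstrip("'")
    fields = {k: v.strip('"') for k, v in FIELD.findall(outer + " " + inner)}
    return rec_type, float(epoch), int(serial), fields, inner


def hwclock_time_changes(log_text):
    """List hwclock clock-change attempts, successful or not."""
    events = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec[0] != "USYS_CONFIG":
            continue  # skips e.g. the sudo USER_CMD record
        _, epoch, serial, f, inner = rec
        if not f.get("exe", "").endswith("/hwclock"):
            continue
        # Accept both wordings seen in the thread.
        if f.get("op") != "change-system-time" and "changing system time" not in inner:
            continue
        events.append({
            "epoch": epoch, "serial": serial,
            "uid": f.get("uid"), "auid": f.get("auid"),
            "terminal": f.get("terminal"), "success": f.get("res") == "success",
        })
    return events


if __name__ == "__main__":
    for event in hwclock_time_changes(SAMPLE_LOG):
        print(event)
```

The auid field is the one to alert on: it keeps the login identity (1000 in these records) even though hwclock ran as uid 0 under sudo.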
Robie Basak (racb) wrote :

Please could someone check the autopkgtest failures listed against this SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html?

Joy Latten (j-latten) wrote :

Summary of analysis of the autopkgtest failures listed for this SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html

For Xenial regressions:

1. In xenial, the failing testcases had been skipped in prior versions and not run.
i.e. "SKIP Test requires machine-level isolation but testbed does not provide that"

I talked to Julian who informed me that s390x testd went from LXC containers to VMs.

Now those tests that had not been run before, were executing and failing.

Joy Latten (j-latten) wrote :

Summary of analysis of the autopkgtest failures listed for this SRU in http://people.canonical.com/~ubuntu-archive/pending-sru.html

For Artful regressions:

1. dpdk (s390x), ocfs2-tools (s390x), lxcfs(s390x), ori(s390x), network-manager(s390x), lxd(s390x)
These all have failing testcases that were skipped in prior version of util-linux. The same reason stated in comment #21 above may be applicable here as well.

2. network-manager(ppc64el) - has had 2 runs. In one run, test_wpa1_ip4 fails, test_rfkill pass. In the other run, test_wpa1_ip4 pass and test_rfkill fail. A timeout results in the failure. Seems testcases do pass for this version of util-linux but sensitive current workload maybe...

3. gnocchi(all platforms) - further investigating.

4. libdata-uuid-libuuid-perl(s390x) - might be due to the change in test environment such as #1.

5. tracker(arm64) - further investigation. no prior run to compare with.

6. nplan(arm64) - further investigation. no prior run to compare with.

Joy Latten (j-latten) wrote :

Update on Artful regression analysis from comment #22.

1. Same as in comment #22. Hopefully these can be ignored as they were for xenial.

2. Same as in comment #22. Tests passed in different runs as stated above. When the failures occurred, it was because of timeouts while waiting for something. Failures appear to be intermittent and not related to change made here.

3. gnocchi - appears to be a testcase usage message from python. Not related to change made in this bug.

4. libdata-uuid-libuuid-perl (s390x) Julian did a test here using hello and prior version of util-linux and they both failed with same error. So this error is not related to this bug change. Something else changed perhaps in testcase or test environment.

5. tracker passes on a re-run

6. nplan passes on a re-run

Conclusion: Hopefully above explanations result in regressions having been resolved so util-linux in artful can be promoted.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.30.1-0ubuntu4.1

---------------
util-linux (2.30.1-0ubuntu4.1) artful; urgency=medium

  * Add --with-audit to rules file and libaudit-dev to build depenedencies.
    The hwclock needs audit defined in order to create audit records when
    time is changed. (LP: #1722313)

 -- Joy Latten <email address hidden> Sun, 05 Nov 2017 18:14:49 -0600

Changed in util-linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for util-linux has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.27.1-6ubuntu3.4

---------------
util-linux (2.27.1-6ubuntu3.4) xenial; urgency=medium

  * Add --with-audit to rules file and libaudit-dev to build depenedencies.
    The hwclock needs audit defined in order to create audit records when
    time is changed. (LP: #1722313)

 -- Joy Latten <email address hidden> Fri, 03 Nov 2017 17:46:07 -0500

Changed in util-linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in util-linux (Debian):
status: New → Fix Released