IBM Support

IJ35466: SELINUX SUPPORT FOR FILE AUDIT LOGGING FILESET

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When a subfolder or audit log is created under the
File Audit Logging fileset, it inherits a default
selinux security context. This default value
does not allow applications such as rsyslog
the ablility to read the audit log contents.

Local fix

  • 



Problem summary


    

  • When a subfolder or audit log is created under the
File Audit Logging fileset, it inherits a default
selinux security context. This default value
does not allow applications such as rsyslog
the ablility to read the audit log contents.

    



Problem conclusion


    

  • This problem is fixed in 5.1.2  PTF 1
To see all Spectrum Scale APARs and
their respective fix solutions refer to page
https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_
apars.html

Benefits of the solution:
Selinux support on the File Audit Logging
fileset will allow applications, such as rsyslog,
to read the contents of the log file. These log
contents can then be forwarded to other
applications like IBM QRadar for additional insights.
Work around: N/A
Problem trigger: N/A
Symptom:  Unexpected Results/Behavior
Platforms affected: ALL Linux OS environments
Functional Area affected: File audit logging
Customer Impact: Suggested

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ35466
    • 

  • Reported component name
    SPEC SCALE STD
    • 

  • Reported component ID
    5737F33AP
    • 

  • Reported release
    512
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-10-11
    • 

  • Closed date
    2021-10-11
    • 

  • Last modified date
    2021-10-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SPEC SCALE STD
    • 

  • Fixed component ID
    5737F33AP
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"STXKQY"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"512","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback