Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: glibc
Labels:
- pt-libraries-evaluated
- rn-yml

Fixed in Build:
glibc-2.39-57.el10
Regression:
No
Severity:
Low
Epic Link:
glibc: Update RHEL 10 to close gap with RHEL 9
Commit Hashes:

Hide
4a50fdf8b2c1106b50cd9056b4c6f3a72cdeed5f
a20bc2f6233a726c7df8eaa332b6e498bd59321f
8f36b1469677afe37168f9af1b77402d7a70c673
c4b160744cb39eca20dc36b39c7fa6e10352706c
495b96e064da605630a23092d1e484ade4bdc093

Show
4a50fdf8b2c1106b50cd9056b4c6f3a72cdeed5f a20bc2f6233a726c7df8eaa332b6e498bd59321f 8f36b1469677afe37168f9af1b77402d7a70c673 c4b160744cb39eca20dc36b39c7fa6e10352706c 495b96e064da605630a23092d1e484ade4bdc093
sprint_count:
1

AssignedTeam:
rhel-pt-c-libs

Story Points:
1
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Products:

Red Hat Enterprise Linux
Sprint:
PT C Libraries 2025 S12

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/149437
Test Coverage:

Automated

Release Note Type:
Bug Fix
Release Note Text:

Hide
.glibc auditing events for proxy `ld.so` in private namespaces

Previously, the glibc dynamic linker called `la_objclose` for the proxy `ld.so` link map in a secondary namespace without a preceding `la_objopen`, which resulted in incomplete object life cycle reporting for tools that rely on `la_objopen` to track shared objects.

Auditing tools that rely on `la_objopen` to establish tracking failed to monitor proxy link maps reliably, resulting in gaps in visibility and possible misinterpretation of unload events.

With this update, the glibc dynamic linker generates `la_objopen` for the applicable link maps, including the proxy `ld.so` in secondary namespaces, ensuring a consistent sequence for the auditing interface.

As a result, auditors can track proxy link maps throughout their life cycle with consistent `la_objopen` and `la_objclose` pairs, improving the reliability of audit tooling and diagnostics.

Show
.glibc auditing events for proxy `ld.so` in private namespaces Previously, the glibc dynamic linker called `la_objclose` for the proxy `ld.so` link map in a secondary namespace without a preceding `la_objopen`, which resulted in incomplete object life cycle reporting for tools that rely on `la_objopen` to track shared objects. Auditing tools that rely on `la_objopen` to establish tracking failed to monitor proxy link maps reliably, resulting in gaps in visibility and possible misinterpretation of unload events. With this update, the glibc dynamic linker generates `la_objopen` for the applicable link maps, including the proxy `ld.so` in secondary namespaces, ensuring a consistent sequence for the auditing interface. As a result, auditors can track proxy link maps throughout their life cycle with consistent `la_objopen` and `la_objclose` pairs, improving the reliability of audit tooling and diagnostics.
Release Note Status:
Done
ProdDocsReview-CCS:
Required
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Done

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

This is a clone of issue RHEL-49549 to use for version rhel-10.1
–
Original description:
What were you trying to do that didn't work?
When using the audit interface, when ld.so is proxied into a private namespace, only la_objclose is called. This can cause issues with tools using the audit interface that expect la_objopen to also be called.
Please provide the package NVR for which bug is seen:
Red Hat Enterprise Linux 9
glibc-2.34-100.el9_4.2.x86_64
glibc-common-2.34-100.el9_4.2.x86_64
How reproducible:
Customer this is opened for was able to reproduce consistently
Steps to reproduce
1. Extract tarball archive.
2. Run 'make' on code.
3. Observe Behavior.

Expected results
During audit, la_objclose is not called when ld.so is in proxied namespace.
Actual results
During audit, la_objclose is called when ld.so is in proxied namespace.

NOTE: An upstream listing with glibc has been filed as well for this issue alongside Fedora.

https://sourceware.org/bugzilla/show_bug.cgi?id=31985
https://bugzilla.redhat.com/show_bug.cgi?id=2297218

clones

RHEL-49549 glibc: la_objclose is called for ld.so in a private namespace, but not la_objopen [rhel-9]

Release Pending

depends on

RHEL-109536 glibc: Import bug fixes: 2.39 → c10s (snapshot 7)

Release Pending

links to

RHBA-2025:149437 glibc bug fix and enhancement update

Assignee:: Martin Coufal

Reporter:: Watson Automation

Developer:: Florian Weimer

QA Contact:: Martin Coufal

Doc Contact:: Malhar Jivrajani

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2025/08/18 12:48 PM

Updated:: 2025/10/08 5:13 PM

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide