The fix for the problem of auditctl -D not working
consists of two patches. One is the userspace patch
and the other is for the kernel.

Below is the userspace patch. I added the AUDIT_DEL_ALL flag.

Regards,
Joy

diff -urpN audit-1.1.5.orig/lib/msg_typetab.h audit-1.1.5/lib/msg_typetab.h
--- audit-1.1.5.orig/lib/msg_typetab.h  2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/lib/msg_typetab.h       2006-04-28 09:53:13.000000000 -0500
@@ -31,6 +31,7 @@
 //_S(AUDIT_LIST,                     "LIST"                          )
 //_S(AUDIT_ADD,                      "ADD"                           )
 //_S(AUDIT_DEL,                      "DEL"                           )
+//_S(AUDIT_DEL_ALL,                  "DEL_ALL"                       )
 _S(AUDIT_USER,                       "USER"                          )
 _S(AUDIT_LOGIN,                      "LOGIN"                         )
 //_S(AUDIT_SIGNAL_INFO,              "SIGNAL_INFO"                   )
diff -urpN audit-1.1.5.orig/src/auditctl.c audit-1.1.5/src/auditctl.c
--- audit-1.1.5.orig/src/auditctl.c     2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/src/auditctl.c  2006-04-28 09:51:06.000000000 -0500
@@ -1104,62 +1104,12 @@ static int audit_print_reply(struct audi
 /* Returns 0 for success and -1 for failure */
 static int delete_all_rules(void)
 {
-       int seq, i;
-       int timeout = 40; /* tenths of seconds */
-       struct audit_reply rep;
-       fd_set read_mask;
+       int rc = 0;
 
-       /* list the rules */
-       seq = audit_request_rules_list(fd);
-       if (seq <= 0) 
+       rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0);
+       if (rc < 0) {
+               fprintf(stderr, "Error deleting rule (%s)\n", strerror(-rc));
                return -1;
-
-       FD_ZERO(&read_mask);
-       FD_SET(fd, &read_mask);
-
-       for (i = 0; i < timeout; i++) {
-               struct timeval t;
-               int rc;
-
-               t.tv_sec  = 0;
-               t.tv_usec = 100000; /* .1 second */
-               do {
-                       rc = select(fd+1, &read_mask, NULL, NULL, &t);
-               } while (rc < 0 && errno == EINTR);
-               // We'll try to read just in case
-               rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
-               if (rc > 0) {
-                       /* Reset timeout */
-                       i = 0;
-
-                       /* Don't make decisions based on wrong packet */
-                       if (rep.nlh->nlmsg_seq != seq)
-                               continue;
-
-                       /* If we get done or error, break out */
-                       if (rep.type == NLMSG_DONE)
-                               break;
-
-                       if (rep.type == NLMSG_ERROR && rep.error->error) {
-                               fprintf(stderr, 
-                                       "Error receiving rules list (%s)\n", 
-                                       strerror(-rep.error->error));
-                               return -1;
-                       }
-
-                       /* If its not what we are expecting, keep looping */
-                       if (rep.type != AUDIT_LIST)
-                               continue;
-
-                       /* Found it, bounce it right back with delete */
-                       rc = audit_send(fd, AUDIT_DEL, rep.rule, 
-                                       sizeof(struct audit_rule));
-                       if (rc < 0) {
-                               fprintf(stderr, "Error deleting rule (%s)\n",
-                                       strerror(-rc)); 
-                               return -1;
-                       }
-               }
        }
 
        return 0;
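Review bot: The new body of delete_all_rules() has no path for a kernel that lacks the companion AUDIT_DEL_ALL patch. There the request is presumably rejected, the function returns -1, and `auditctl -D` leaves every existing rule loaded, whereas the removed list-and-delete loop worked against such kernels. Scripts commonly flush with -D before loading a new rule set, so stale rules left behind change what gets audited; consider keeping the old loop as a fallback when the send is rejected. At minimum, make the failure distinguishable from a single-rule delete, e.g. `fprintf(stderr, "Error deleting all rules (%s)\n", strerror(-rc));`. The `= 0` initialiser on `rc` is redundant because it is assigned on the next statement. The function's closing brace lies outside the hunk.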
