[PATCH] fix ppid bug in 2.6.18 kernel

Steve Grubb Sat, 26 Aug 2006 11:06:16 -0700

Hello,

During some troubleshooting, I found that ppid was accidentally omitted from
the legacy rule section. This resulted in EINVAL for any rule with ppid sent
with AUDIT_ADD.


Signed-off-by: Steve Grubb <[EMAIL PROTECTED]>


diff -urp linux-2.6.17.x86_64.orig/kernel/auditfilter.c 
linux-2.6.17.x86_64/kernel/auditfilter.c
--- linux-2.6.17.x86_64.orig/kernel/auditfilter.c       2006-08-26 
13:50:19.000000000 -0400
+++ linux-2.6.17.x86_64/kernel/auditfilter.c    2006-08-26 13:52:30.000000000 
-0400
@@ -413,6 +413,7 @@ static struct audit_entry *audit_rule_to
                case AUDIT_PERS:
                case AUDIT_ARCH:
                case AUDIT_MSGTYPE:
+               case AUDIT_PPID:
                case AUDIT_DEVMAJOR:
                case AUDIT_DEVMINOR:
                case AUDIT_EXIT:

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

[PATCH] fix ppid bug in 2.6.18 kernel

Reply via email to