Hello Steve,

The field of 'syscall=all' is redundant for filter 'exclude',
so it should be deleted, e.g.
  # auditctl -l
  LIST_RULES: exclude,always syscall=all

should be:
  LIST_RULES: exclude,always

Signed-off-by: Yu Zhiguo<[EMAIL PROTECTED]>
---
 src/auditctl.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/auditctl.c b/src/auditctl.c
index 70a54f3..60c2a80 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1424,7 +1424,9 @@ static int audit_print_reply(struct audit_reply *rep)
                                ((rep->rule->flags & AUDIT_FILTER_MASK) != 
                                                AUDIT_FILTER_USER) &&
                                ((rep->rule->flags & AUDIT_FILTER_MASK) !=
-                                               AUDIT_FILTER_TASK)) {
+                                               AUDIT_FILTER_TASK) &&
+                               ((rep->rule->flags & AUDIT_FILTER_MASK) !=
+                                               AUDIT_FILTER_EXCLUDE)) {
                                printf(" syscall=");
                                for (sparse = 0, i = 0; 
                                        i < (AUDIT_BITMASK_SIZE-1); i++) {
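Review bot: The condition guarding the printf(" syscall=") block now repeats (rep->rule->flags & AUDIT_FILTER_MASK) three times, once each for AUDIT_FILTER_USER, AUDIT_FILTER_TASK and AUDIT_FILTER_EXCLUDE. Consider masking the flags once into a local variable and comparing that, so the test stays readable if another filter list needs the same treatment. A short comment above the condition stating that the syscall field is not printed for these filter lists would also record why they are skipped, since the reason for the exclude case is currently given only in the commit message.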
-- 
1.5.4.2

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
