On Thu, Dec 15, 2011 at 5:36 AM, Steve Grubb <[email protected]> wrote:
> Yeah, good catch. I can fix this when I apply the patch to svn. No need to
> re-send unless there is something else needing fixing as well.

I've got a sort of hacky way of getting -l to work.

In order to use fieldtab.h and audit_field_to_name, I had to move the AUDIT_COMPARE_* defines to be unique WRT to the other audit fields in include/linux/audit.h. Then I can add the AUDIT_COMPARE_* definitions to fieldtab.h like:

    _S(AUDIT_COMPARE_UID_TO_OBJ_UID, "uid,obj_uid" )
    ...
    _S(AUDIT_COMPARE_SGID_TO_FSGID, "sgid,fsgid" )

then auditctl -l splits on the ','. This does mean that no matter what order comparisons are entered on the command line, they'll only ever be displayed in the order in which they appear in fieldtab.h.

Does this sound reasonable? I can send my patches along if it does.

Cheers,
peter

--
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038
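The table-and-split approach described in the message above, as an added example that is not part of the original post or the audit project's code. The numeric values, the CMP_ROW macro, both function names, and the choice to accept a pair in either order on input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder values constructed for this example; the real
 * AUDIT_COMPARE_* numbers are defined in include/linux/audit.h. */
#define AUDIT_COMPARE_UID_TO_OBJ_UID 1001
#define AUDIT_COMPARE_SGID_TO_FSGID  1002

struct cmp_entry { int value; const char *name; };

/* CMP_ROW (hypothetical) stands in for the _S() rows in fieldtab.h. */
#define CMP_ROW(v, n) { (v), (n) },
static const struct cmp_entry cmp_tab[] = {
    CMP_ROW(AUDIT_COMPARE_UID_TO_OBJ_UID, "uid,obj_uid")
    CMP_ROW(AUDIT_COMPARE_SGID_TO_FSGID,  "sgid,fsgid")
};
#define CMP_TAB_LEN (sizeof(cmp_tab) / sizeof(cmp_tab[0]))

/* Listing side: value -> table name, split on ',' into two buffers. */
int cmp_value_to_fields(int value, char *left, char *right, size_t len)
{
    for (size_t i = 0; i < CMP_TAB_LEN; i++) {
        if (cmp_tab[i].value != value)
            continue;
        const char *comma = strchr(cmp_tab[i].name, ',');
        if (!comma)
            return -1;                      /* malformed table row */
        size_t llen = (size_t)(comma - cmp_tab[i].name);
        if (llen >= len || strlen(comma + 1) >= len)
            return -1;                      /* caller buffers too small */
        memcpy(left, cmp_tab[i].name, llen);
        left[llen] = '\0';
        strcpy(right, comma + 1);
        return 0;
    }
    return -1;                              /* unknown comparison value */
}

/* Input side (assumed behaviour): accept the pair in either order. */
int cmp_fields_to_value(const char *a, const char *b)
{
    char l[32], r[32];
    for (size_t i = 0; i < CMP_TAB_LEN; i++) {
        if (cmp_value_to_fields(cmp_tab[i].value, l, r, sizeof(l)))
            continue;
        if ((!strcmp(a, l) && !strcmp(b, r)) || (!strcmp(a, r) && !strcmp(b, l)))
            return cmp_tab[i].value;
    }
    return -1;                              /* no such comparison */
}
```

Because only the value is stored, a pair entered as obj_uid,uid is listed back as uid,obj_uid: the entered order is not recoverable from the rule.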
