Auvirt adds quotes to the given VM name when creating the search criteria. With
the previous patch, this workaround is no longer needed and this patch removes
it.
---
tools/auvirt/auvirt.c | 19 +------------------
1 files changed, 1 insertions(+), 18 deletions(-)
diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c
index c04780a..11d6e97 100644
--- a/tools/auvirt/auvirt.c
+++ b/tools/auvirt/auvirt.c
@@ -312,24 +312,7 @@ int create_search_criteria(auparse_state_t *au)
}
}
if (vm) {
- /*
- * If a field has its value quoted in the audit log, for
- * example:
- * vm="guest-name"
- *
- * auparse will consider the field value with quotes when
- * matching a rule. For example, using the example above the
- * following rule will not match:
- * ausearch_add_item(au, "vm", "=", "guest-name", how);
- *
- * But this rule will match:
- * ausearch_add_item(au, "vm", "=", "\"guest-name\"", how);
- *
- * TODO use a better approach for this problem...
- */
- snprintf(expr, sizeof(expr), "\"%s\"", vm);
- if (ausearch_add_item(au, "vm", "=", expr,
- AUSEARCH_RULE_AND)) {
+ if (ausearch_add_item(au, "vm", "=", vm, AUSEARCH_RULE_AND)) {
fprintf(stderr, "Criteria error: id\n");
return 1;
}
--
1.7.1
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
