Re: [PATCH] audit: convert status version to a feature bitmap

Steve Grubb Mon, 17 Nov 2014 10:14:47 -0800

On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote:
> > > Looks like good output to me, Steve?
> > 
> > I would like it better if the following was tested as root:
> > 
> > auditctl -s
> > echo "1" > /proc/self/loginuid
> > auditctl --loginuid-immutable
> > auditctl -s
> > echo "2" > /proc/self/loginuid
> > 
> > This was we know that the feature is correctly reported, selected, and
> > working.
> 
> This looks sane:


Thanks for testing this.
 
> [root@f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 0 unlocked
> [root@f20 ~]# echo "1" > /proc/self/loginuid
> [root@f20 ~]# auditctl --loginuid-immutable
> [root@f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 1 locked
> [root@f20 ~]# echo "2" > /proc/self/loginuid
> -bash: echo: write error: Operation not permitted

OK. Looks good to me, too.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH] audit: convert status version to a feature bitmap

Reply via email to