On 14/11/17, Steve Grubb wrote: > On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote: > > > > Looks like good output to me, Steve? > > > > > > I would like it better if the following was tested as root: > > > > > > auditctl -s > > > echo "1" > /proc/self/loginuid > > > auditctl --loginuid-immutable > > > auditctl -s > > > echo "2" > /proc/self/loginuid > > > > > > This was we know that the feature is correctly reported, selected, and > > > working. > > > > This looks sane: > > Thanks for testing this. > > > [root@f20 ~]# auditctl -s > > enabled 1 > > flag 1 > > pid 307 > > rate_limit 0 > > backlog_limit 320 > > lost 0 > > backlog 0 > > backlog_wait_time 60000 > > loginuid_immutable 0 unlocked > > [root@f20 ~]# echo "1" > /proc/self/loginuid > > [root@f20 ~]# auditctl --loginuid-immutable > > [root@f20 ~]# auditctl -s > > enabled 1 > > flag 1 > > pid 307 > > rate_limit 0 > > backlog_limit 320 > > lost 0 > > backlog 0 > > backlog_wait_time 60000 > > loginuid_immutable 1 locked > > [root@f20 ~]# echo "2" > /proc/self/loginuid > > -bash: echo: write error: Operation not permitted > > OK. Looks good to me, too.
I've added the test procedure to the bug report. > -Steve - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
