Me likie much more. On Tue, Dec 23, 2014 at 4:26 PM, Paul Moore <[email protected]> wrote: > On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote: >> A regression was caused by commit 780a7654cee8: >> audit: Make testing for a valid loginuid explicit. >> (which in turn attempted to fix a regression caused by e1760bd) >> >> When audit_krule_to_data() fills in the rules to get a listing, there was a >> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. >> >> This broke userspace by not returning the same information that was sent and >> expected. >> >> The rule: >> auditctl -a exit,never -F auid=-1 >> gives: >> auditctl -l >> LIST_RULES: exit,never f24=0 syscall=all >> when it should give: >> LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all >> >> Tag it so that it is reported the same way it was set. Create a new >> private flags audit_krule field (pflags) to store it that won't interact >> with the public one from the API. >> >> Cc: [email protected] # v3.10-rc1+ >> Signed-off-by: Richard Guy Briggs <[email protected]> >> --- >> include/linux/audit.h | 4 ++++ >> kernel/auditfilter.c | 10 ++++++++++ >> 2 files changed, 14 insertions(+), 0 deletions(-) > > Applied, thanks. > > -- > paul moore > security @ redhat >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
