On Tuesday, December 23, 2014 04:41:42 PM Paris, Eric wrote: > Me likie much more.
Yeah, me too. > On Tue, Dec 23, 2014 at 4:26 PM, Paul Moore <[email protected]> wrote: > > On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote: > >> A regression was caused by commit 780a7654cee8: > >> audit: Make testing for a valid loginuid explicit. > >> > >> (which in turn attempted to fix a regression caused by e1760bd) > >> > >> When audit_krule_to_data() fills in the rules to get a listing, there was > >> a > >> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. > >> > >> This broke userspace by not returning the same information that was sent > >> and expected. > >> > >> The rule: > >> auditctl -a exit,never -F auid=-1 > >> > >> gives: > >> auditctl -l > >> > >> LIST_RULES: exit,never f24=0 syscall=all > >> > >> when it should give: > >> LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all > >> > >> Tag it so that it is reported the same way it was set. Create a new > >> private flags audit_krule field (pflags) to store it that won't interact > >> with the public one from the API. > >> > >> Cc: [email protected] # v3.10-rc1+ > >> Signed-off-by: Richard Guy Briggs <[email protected]> > >> --- > >> > >> include/linux/audit.h | 4 ++++ > >> kernel/auditfilter.c | 10 ++++++++++ > >> 2 files changed, 14 insertions(+), 0 deletions(-) > > > > Applied, thanks. > > > > -- > > paul moore > > security @ redhat -- paul moore security @ redhat -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
