On 14/12/23, Paul Moore wrote: > On Tuesday, December 23, 2014 04:41:42 PM Paris, Eric wrote: > > Me likie much more. > > Yeah, me too.
Good, thanks for your patience guys. > > On Tue, Dec 23, 2014 at 4:26 PM, Paul Moore <[email protected]> wrote: > > > On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote: > > >> A regression was caused by commit 780a7654cee8: > > >> audit: Make testing for a valid loginuid explicit. > > >> > > >> (which in turn attempted to fix a regression caused by e1760bd) > > >> > > >> When audit_krule_to_data() fills in the rules to get a listing, there was > > >> a > > >> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. > > >> > > >> This broke userspace by not returning the same information that was sent > > >> and expected. > > >> > > >> The rule: > > >> auditctl -a exit,never -F auid=-1 > > >> > > >> gives: > > >> auditctl -l > > >> > > >> LIST_RULES: exit,never f24=0 syscall=all > > >> > > >> when it should give: > > >> LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all > > >> > > >> Tag it so that it is reported the same way it was set. Create a new > > >> private flags audit_krule field (pflags) to store it that won't interact > > >> with the public one from the API. > > >> > > >> Cc: [email protected] # v3.10-rc1+ > > >> Signed-off-by: Richard Guy Briggs <[email protected]> > > >> --- > > >> > > >> include/linux/audit.h | 4 ++++ > > >> kernel/auditfilter.c | 10 ++++++++++ > > >> 2 files changed, 14 insertions(+), 0 deletions(-) > > > > > > Applied, thanks. > > > > > > paul moore > > paul moore - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
