Package: audit
Version: 1.7.13-1
Severity: normal

I sent a bug report to upstream (linux-au...@redhat.com), but it seems it doesn't work. So, I am filing the bug report into Debian BTS.

I am using audit-1.7.13 on Debian. Using the tool auditctl, I got an error when I tried to specify inode with the != operator.

# auditctl -a exit,always -F devmajor=9 -F perm=wa -F 'inode!=67437'
Field (inode) only takes = or != operators

It's something weird, I am using the != operator...

Looking at the source code, I found a function audit_rule_fieldpair in deprecated.c and another function audit_rule_fieldpair_data in libaudit.c. It seems that the != operator was AUDIT_NEGATE but now is AUDIT_NOT_EQUAL, internally. If this assumption is correct, I think that we need a fix like the following:

--- audit-1.7.13/lib/libaudit.c~ 2009-04-22 03:47:20.000000000 +0900 +++ audit-1.7.13/lib/libaudit.c 2009-07-30 14:33:44.000000000 +0900 @@ -1096,7 +1096,7 @@ /* fallthrough */ default: if (field == AUDIT_INODE) { - if (!(op == AUDIT_NEGATE || op == AUDIT_EQUAL)) + if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
 return -13; }

Thanks,
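
Review bot: the new condition under `if (field == AUDIT_INODE)` drops AUDIT_NEGATE from the accepted operators entirely, while the report describes the AUDIT_NEGATE to AUDIT_NOT_EQUAL switch only as an assumption, so before merging confirm that no caller of audit_rule_fieldpair_data can still pass AUDIT_NEGATE for `!=`; otherwise such callers would now get `return -13` where they previously succeeded. The report also names audit_rule_fieldpair in deprecated.c as a sibling of this function, and the patch does not touch it; check whether it carries the same AUDIT_INODE operator test and say in the commit message whether leaving it on AUDIT_NEGATE is intentional. The failing command quoted in the report (`-F 'inode!=67437'`) is a ready regression case, paired with an `inode=` rule to show that the AUDIT_EQUAL branch is unchanged.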