Re: Question about audit_filter_rules

2018-05-16 Thread Ondrej Mosnacek
2018-05-16 13:46 GMT+02:00 Richard Guy Briggs:
> On 2018-05-16 10:43, Ondrej Mosnacek wrote:
>> I found more inconsistencies:
>> [...]
>> case AUDIT_GID:
>>         result = audit_gid_comparator(cred->gid, f->op, f->gid);
>>         if (f->op == Audit_equal) {
>>

Re: Question about audit_filter_rules

2018-05-16 Thread Richard Guy Briggs
On 2018-05-16 10:43, Ondrej Mosnacek wrote:
> I found more inconsistencies:
> [...]
> case AUDIT_GID:
>         result = audit_gid_comparator(cred->gid, f->op, f->gid);
>         if (f->op == Audit_equal) {
>                 if (!result)
>                         result = in_group_p(f->gid);
>

Re: Question about audit_filter_rules

2018-05-16 Thread Richard Guy Briggs
On 2018-05-16 08:57, Ondrej Mosnacek wrote:
> Hi,
>
> I noticed this suspicious line in the definition of the
> audit_filter_rules function in auditsc.c:
>
> [...]
> case AUDIT_SESSIONID:
>         sessionid = audit_get_sessionid(current); // <--- HERE
>         result =

Re: Question about audit_filter_rules

2018-05-16 Thread Ondrej Mosnacek
I found more inconsistencies:

[...]
case AUDIT_GID:
        result = audit_gid_comparator(cred->gid, f->op, f->gid);
        if (f->op == Audit_equal) {
                if (!result)
                        result = in_group_p(f->gid);
        } else if (f->op == Audit_not_equal) {
                if