Bug from audit.81 -> audit.82 & higher
David Woodhouse
dwmw2 at infradead.org
Wed Aug 3 10:50:30 UTC 2005
On Tue, 2005-08-02 at 16:03 -0500, Michael C Thompson wrote:
> In summary: when the kernel is > audit.82, -a entry,always, and -F a2=448
> is included, then the record is not generated. However, changing 1 of these 3
> will result in the record's generation.
If you add back the call to audit_zero_context() in
audit_syscall_exit(), is the correct behaviour restored?
--- linux-2.6.9/kernel/auditsc.c~
+++ linux-2.6.9/kernel/auditsc.c
@@ -1073,7 +1073,6 @@ void audit_syscall_exit(struct task_stru
} else {
audit_free_names(context);
audit_free_aux(context);
+ audit_zero_context(context, context->state);
tsk->audit_context = context;
}
put_task_struct(tsk);
--
dwmw2
More information about the Linux-audit
mailing list