AUDIT_INODE
Amy Griffis
amy.griffis at hp.com
Mon Aug 22 15:41:55 UTC 2005
Hi Steve,
I just discovered that it is no longer possible to add syscall rules
based on an inode number. I believe this is due to your recent change
preventing a user from adding exit-based syscall rule fields to an
entry-based rule. This should fix it for inodes and the other fields
as well.
Regards,
Amy
diff -Nrup audit-1.0.2.orig/lib/libaudit.c audit-1.0.2/lib/libaudit.c
--- audit-1.0.2.orig/lib/libaudit.c 2005-08-08 15:16:10.000000000 -0400
+++ audit-1.0.2/lib/libaudit.c 2005-08-22 11:38:16.615787233 -0400
@@ -762,7 +762,7 @@ int audit_rule_fieldpair(struct audit_ru
case AUDIT_DEVMAJOR...AUDIT_SUCCESS:
if (flags == AUDIT_FILTER_ENTRY)
return -7;
- break;
+ /* fallthrough */
default:
rule->values[rule->field_count] = strtol(v, NULL, 0);
break;
More information about the Linux-audit
mailing list