[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

AUDIT_INODE



Hi Steve,

I just discovered that it is no longer possible to add syscall rules
based on an inode number.  I believe this is due to your recent change
preventing a user from adding exit-based syscall rule fields to an
entry-based rule.  This should fix it for inodes and the other fields
as well.

Regards,
Amy


diff -Nrup audit-1.0.2.orig/lib/libaudit.c audit-1.0.2/lib/libaudit.c
--- audit-1.0.2.orig/lib/libaudit.c     2005-08-08 15:16:10.000000000 -0400
+++ audit-1.0.2/lib/libaudit.c  2005-08-22 11:38:16.615787233 -0400
@@ -762,7 +762,7 @@ int audit_rule_fieldpair(struct audit_ru
                case AUDIT_DEVMAJOR...AUDIT_SUCCESS:
                        if (flags == AUDIT_FILTER_ENTRY)
                                return -7;
-                       break;
+                       /* fallthrough */
                default:
                        rule->values[rule->field_count] = strtol(v, NULL, 0);
                        break;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]