another issue with Audit
Linda Knippers
linda.knippers at hp.com
Mon Apr 24 15:51:45 UTC 2006
That's really strange. I'm running the .16 kernel and the audit-1.2
audit tools on an x86 and I'm not seeing the problem. I'll upgrade and
see what happens.
-- ljk
Loulwa Salem wrote:
> This is a really strange problem .. seems like I have a knack to finding
> those.
>
> I am running lspp.18 kernel (SELinux in permissive mode), audit-1.2.1 on
> an x86_64 system.
>
> Here is what is happening .. someone else please try this and let me
> know if you see the same problem...
>
> # auditctl -w /tmp/file1 >> works fine
> # auditctl -w /tmp/file6
> Error sending add rule request (File exists)
> # auditctl -w /tmp/afile
> Error sending add rule request (File exists)
> # auditctl -w /tmp/newfile >> works fine
> # auditctl -w /tmp/thefile
> Error sending add rule request (File exists)
>
> Here is what I noticed from this pattern ... as long as the length of
> the file name I am adding watch on is the same, it says the watch
> already exists... So I tried something else to see if only the file name
> matters or the whole path length ...
>
> # mkdir /foo
> # auditctl -w /foo/file3 >> notice .. same length as /tmp/file1
> Error sending add rule request (File exists)
> # auditctl -w /foo/foofile >> notice .. same length as /tmp/newfile
> Error sending add rule request (File exists)
> # auditctl -w /foo/anotherfile >> works fine
>
> So you see ... even using a different directory still says the watch
> exists.
>
> If this is happening with others .. this definitely seems like a bug to me.
>
> Thanks,
> -Loulwa
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list