[PATCH 1/2] fix auditctl -D

Joy Latten latten at austin.ibm.com
Fri Apr 28 22:35:44 UTC 2006


The fix for the problem of auditctl -D not working
consists of two patches. One is the userspace patch
and the other is for the kernel.

Below is the userspace patch. It adds an AUDIT_DEL_ALL request type and makes delete_all_rules() send it.

Regards,
Joy

diff -urpN audit-1.1.5.orig/lib/msg_typetab.h audit-1.1.5/lib/msg_typetab.h
--- audit-1.1.5.orig/lib/msg_typetab.h	2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/lib/msg_typetab.h	2006-04-28 09:53:13.000000000 -0500
@@ -31,6 +31,7 @@
 //_S(AUDIT_LIST,                     "LIST"                          )
 //_S(AUDIT_ADD,                      "ADD"                           )
 //_S(AUDIT_DEL,                      "DEL"                           )
+//_S(AUDIT_DEL_ALL,                  "DEL_ALL"                       )
 _S(AUDIT_USER,                       "USER"                          )
 _S(AUDIT_LOGIN,                      "LOGIN"                         )
 //_S(AUDIT_SIGNAL_INFO,              "SIGNAL_INFO"                   )
diff -urpN audit-1.1.5.orig/src/auditctl.c audit-1.1.5/src/auditctl.c
--- audit-1.1.5.orig/src/auditctl.c	2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/src/auditctl.c	2006-04-28 09:51:06.000000000 -0500
@@ -1104,62 +1104,12 @@ static int audit_print_reply(struct audi
 /* Returns 0 for success and -1 for failure */
 static int delete_all_rules(void)
 {
-	int seq, i;
-	int timeout = 40; /* tenths of seconds */
-	struct audit_reply rep;
-	fd_set read_mask;
+	int rc = 0;
 
-	/* list the rules */
-	seq = audit_request_rules_list(fd);
-	if (seq <= 0) 
+	rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0);
+	if (rc < 0) {
+		fprintf(stderr, "Error deleting rule (%s)\n", strerror(-rc));
 		return -1;
-
-	FD_ZERO(&read_mask);
-	FD_SET(fd, &read_mask);
-
-	for (i = 0; i < timeout; i++) {
-		struct timeval t;
-		int rc;
-
-		t.tv_sec  = 0;
-		t.tv_usec = 100000; /* .1 second */
-		do {
-			rc = select(fd+1, &read_mask, NULL, NULL, &t);
-		} while (rc < 0 && errno == EINTR);
-		// We'll try to read just in case
-		rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
-		if (rc > 0) {
-			/* Reset timeout */
-			i = 0;
-
-			/* Don't make decisions based on wrong packet */
-			if (rep.nlh->nlmsg_seq != seq)
-				continue;
-
-			/* If we get done or error, break out */
-			if (rep.type == NLMSG_DONE)
-				break;
-
-			if (rep.type == NLMSG_ERROR && rep.error->error) {
-				fprintf(stderr, 
-					"Error receiving rules list (%s)\n", 
-					strerror(-rep.error->error));
-				return -1;
-			}
-
-			/* If its not what we are expecting, keep looping */
-			if (rep.type != AUDIT_LIST)
-				continue;
-
-			/* Found it, bounce it right back with delete */
-			rc = audit_send(fd, AUDIT_DEL, rep.rule, 
-					sizeof(struct audit_rule));
-			if (rc < 0) {
-				fprintf(stderr, "Error deleting rule (%s)\n",
-					strerror(-rc)); 
-				return -1;
-			}
-		}
 	}
 
 	return 0;
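Review bot: The rewritten delete_all_rules() checks only the return value of audit_send() for the AUDIT_DEL_ALL request and never reads the kernel's NLMSG_ERROR reply, so a kernel that lacks the companion patch this message says is required would presumably reject the message with an error that auditctl -D silently ignores, printing nothing and returning 0 as if all rules were gone. The removed loop at least consumed replies and reported `rep.type == NLMSG_ERROR && rep.error->error`; the same pattern with audit_get_reply() should follow the send, and if that error is the one an older kernel returns for an unknown message type, falling back to the old list-and-delete sequence would keep -D working on both kernels. The "Error deleting rule" message is also now the only diagnostic, so it should say what was attempted, e.g. `"Error sending delete-all request (%s)\n"`. The `int rc = 0;` initializer is dead since rc is assigned unconditionally on the next statement; `int rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0);` reads cleaner. Note that the patch as shown does not define AUDIT_DEL_ALL anywhere in userspace, so it depends on the value arriving via a kernel header; the closing brace of delete_all_rules is outside the hunk.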



