[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] fix ppid bug in 2.6.18 kernel



Steve Grubb wrote:  [Sat Aug 26 2006, 02:06:20PM EDT]
> Hello,
> 
> During some troubleshooting, I found that ppid was accidentally omitted from
> the legacy rule section. This resulted in EINVAL for any rule with ppid sent
> with AUDIT_ADD.

AUDIT_PPID was recently added, so shouldn't be supported for the
legacy structure.  Instead auditctl should use struct audit_rule_data
for rules with AUDIT_PPID.

> Signed-off-by: Steve Grubb <sgrubb redhat com>
> 
> 
> diff -urp linux-2.6.17.x86_64.orig/kernel/auditfilter.c linux-2.6.17.x86_64/kernel/auditfilter.c
> --- linux-2.6.17.x86_64.orig/kernel/auditfilter.c	2006-08-26 13:50:19.000000000 -0400
> +++ linux-2.6.17.x86_64/kernel/auditfilter.c	2006-08-26 13:52:30.000000000 -0400
> @@ -413,6 +413,7 @@ static struct audit_entry *audit_rule_to
>  		case AUDIT_PERS:
>  		case AUDIT_ARCH:
>  		case AUDIT_MSGTYPE:
> +		case AUDIT_PPID:
>  		case AUDIT_DEVMAJOR:
>  		case AUDIT_DEVMINOR:
>  		case AUDIT_EXIT:
> 
> --
> Linux-audit mailing list
> Linux-audit redhat com
> https://www.redhat.com/mailman/listinfo/linux-audit
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]