the problem of option '-a', '-A', '-d' and '-D'

Yu Zhiguo yuzg at cn.fujitsu.com
Mon Jul 21 07:15:29 UTC 2008


Hello Steve,

  Now options '-a', '-A', '-d' and '-D' can be used simultaneously in a rule,
but just the last one of them is effective.
  This usage will make users confused, for example:
  # auditctl -a entry,always -F uid=500 -A task,always -F uid=600 -a exit,always
  is equal to:
  # auditctl -a exit,always -F uid=500 -F uid=600

  I think we'd better not allow these options to be used simultaneously,
otherwise an error message will be reported.
  What's your opinion? If you agree with me, I'll make a patch.

-- 
Regards
Yu Zhiguo
--------------------------------------------------
Yu Zhiguo
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-836
COINS: 79955-836
FAX: +86+25-83317685
MAIL: yuzg at cn.fujitsu.com
--------------------------------------------------
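
An added example, not part of the original message or of the audit project's code: a shell lint that applies the behaviour described above (only the last of '-a', '-A', '-d' and '-D' is effective) to rule lines and reports any line naming more than one of them. The function names and the sample rules are constructed for illustration; it assumes one rule per line with whitespace-separated arguments.

```shell
#!/bin/sh
# Added example: flag audit rule lines that name more than one of -a/-A/-d/-D.
# Assumption: one rule per line, whitespace-separated auditctl arguments
# (audit.rules style); quoted field values are not handled.

# Print "<count> <last option> <its argument>" for one rule line.
list_actions() {
    count=0 last_opt="" last_arg=""
    set -f; set -- $1; set +f        # split on whitespace without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -a|-A|-d) count=$((count + 1)); last_opt=$1; last_arg=${2:-} ;;
            -D)       count=$((count + 1)); last_opt=$1; last_arg="" ;;
        esac
        shift
    done
    echo "$count $last_opt $last_arg"
}

# Read rules on stdin, report offending lines, return non-zero if any found.
lint_rules() {
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        set -f; set -- $(list_actions "$line"); set +f
        if [ "$1" -gt 1 ]; then
            bad=$((bad + 1))
            echo "line $n: $1 list actions, only '$2${3:+ $3}' takes effect"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample; line 3 is the command line quoted in the message.
SAMPLE_RULES='# constructed sample rules
-a exit,always -F uid=500
-a entry,always -F uid=500 -A task,always -F uid=600 -a exit,always
-a exit,always -F uid=500 -d task,always'

printf '%s\n' "$SAMPLE_RULES" | lint_rules || true
```

To check a real rules file, feed it on standard input, for example `lint_rules < audit.rules`; the exit status is non-zero when any line is reported.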