patch update to ~51
Steve Grubb
sgrubb at redhat.com
Thu Jun 2 15:55:01 UTC 2005
On Thursday 02 June 2005 11:13, Timothy R. Chavez wrote:
> Yes, that problem has been addressed and should no longer be the behavior
> in audit.52. Rename()'ing a directory does not destroy its watchlist.
This is fixed...but there's still problems.
mv /mnt/target/etc/passwd /mnt/target/etc/passwd.old
mv /mnt/target/etc /mnt/target/etc-old
auditctl -D
Error sending list request (No such file or directory)
NLMSG_ERROR 2 (No such file or directory) type=2 seq=3
No watches
AUDIT_WATCH_LIST: dev=3:9, path=/mnt/target/etc/passwd, filterkey=test,
perms=rwea, valid=0
When a rule is asked to be deleted, and it matches a rule in the master list,
it should be deleted even if the path is no longer valid.
Also when I access the file in the new name and new dir, no records are
generated. When I make either a mv dir or mv file (but not both), records are
generated.
Also, anytime I set file watches and reboot, I get a message about unfreed
inodes will self destruct in 5 seconds...
> Have you tried toe latest update?
I just found it was available.
-Steve
More information about the Linux-audit
mailing list