patch update to ~51
Timothy R. Chavez
tinytim at us.ibm.com
Thu Jun 2 16:03:42 UTC 2005
On Thursday 02 June 2005 10:55, Steve Grubb wrote:
> On Thursday 02 June 2005 11:13, Timothy R. Chavez wrote:
> > Yes, that problem has been addressed and should no longer be the behavior
> > in audit.52. Rename()'ing a directory does not destroy its watchlist.
>
> This is fixed...but there's still problems.
>
> mv /mnt/target/etc/passwd /mnt/target/etc/passwd.old
> mv /mnt/target/etc /mnt/target/etc-old
> auditctl -D
> Error sending list request (No such file or directory)
> NLMSG_ERROR 2 (No such file or directory) type=2 seq=3
> No watches
> AUDIT_WATCH_LIST: dev=3:9, path=/mnt/target/etc/passwd, filterkey=test,
> perms=rwea, valid=0
>
> When a rule is asked to be deleted, and it matches a rule in the master list,
> it should be deleted even if the path is no longer valid.
good idea
>
> Also when I access the file in the new name and new dir, no records are
> generated. When I make either a mv dir or mv file (but not both), records are
> generated.
>
> Also, anytime I set file watches and reboot, I get a message about unfreed
> inodes will self destruct in 5 seconds...
Yep... that's because you didn't delete them from the file system when you
unmounted the filesystem and thus you were still holding on to references
to the inodes which prevented them from being freed.
let me see what I can come up with
-tim
More information about the Linux-audit
mailing list