[PATCH] fix audit_rule_syscallbyname()

Amy Griffis amy.griffis at hp.com
Tue Nov 1 19:50:53 UTC 2005


Hello,

The audit_rule_syscallbyname() function in libaudit currently doesn't
work for any system calls other than "all".  This is because it
depends on a previous setting of the audit_elf global variable.

This has been unnoticed so far because auditctl defines an audit_elf
global and sets it before calling this routine.

Arguably, libaudit shouldn't be using a global this way, but this
patch fixes the immediate problem.

Thanks,
Amy


diff -Nrup audit-1.0.8/lib/libaudit.c audit-1.0.8-new/lib/libaudit.c
--- audit-1.0.8/lib/libaudit.c	2005-10-17 13:40:22.000000000 -0400
+++ audit-1.0.8-new/lib/libaudit.c	2005-11-01 13:43:13.013425856 -0500
@@ -588,7 +588,10 @@ int audit_rule_syscallbyname(struct audi
 			rule->mask[i] = ~0;
 		return 0;
 	}
-	machine = audit_elf_to_machine(audit_elf);
+	if (!audit_elf)
+		machine = audit_detect_machine();
+	else
+		machine = audit_elf_to_machine(audit_elf);
 	if (machine < 0)
 		return -2;
 	nr = audit_name_to_syscall(scall, machine);
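
Review bot: the new `if (!audit_elf)` branch in audit_rule_syscallbyname() still keys the lookup on the global, so the number that `scall` resolves to depends on whatever a caller last stored in audit_elf, and zero is silently taken to mean "not set". A short comment at this branch stating that convention would help. Longer term, the machine (or ELF type) could be passed in as an argument so a rule mask cannot be built against the wrong syscall table by accident. Also note that a failed audit_detect_machine() and an unrecognised audit_elf both end at the same `return -2`, so a caller cannot tell which one happened.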



