[PATCH] filesystem location based auditing
Amy Griffis
amy.griffis at hp.com
Mon Feb 27 16:30:55 UTC 2006
On Mon, Feb 27, 2006 at 09:24:25AM -0500, Steve Grubb wrote:
> On Friday 24 February 2006 15:19, Amy Griffis wrote:
> > TIA for reviewing this patch.
>
> I wasn't able to put this into the lspp.10 kernel cause there was too many
> patching failures. For example,
>
> >diff --git a/include/linux/audit.h b/include/linux/audit.h
> >index c208554..d76fa58 100644
> >--- a/include/linux/audit.h
> >+++ b/include/linux/audit.h
> >@@ -148,6 +148,7 @@
> > #define AUDIT_INODE 102
> > #define AUDIT_EXIT 103
> > #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */
> >+#define AUDIT_WATCH 105
> >
> > #define AUDIT_ARG0 200
> > #define AUDIT_ARG1 (AUDIT_ARG0+1)
>
> The above code was in your patch from:
>
> https://www.redhat.com/archives/linux-audit/2006-February/msg00034.html
>
>
> I deleted the above patch and applied with this as a result:
>
> patching file kernel/audit.c
> patching file kernel/audit.h
> Hunk #2 FAILED at 54.
> Hunk #3 FAILED at 86.
> 2 out of 3 hunks FAILED -- saving rejects to file kernel/audit.h.rej
> patching file kernel/auditfilter.c
> Hunk #1 FAILED at 22.
> Hunk #2 succeeded at 101 with fuzz 2 (offset 10 lines).
> Hunk #3 succeeded at 329 with fuzz 1 (offset 27 lines).
> Hunk #4 succeeded at 362 (offset 10 lines).
> Hunk #5 FAILED at 395.
> Hunk #6 FAILED at 428.
> Hunk #7 FAILED at 448.
> Hunk #8 succeeded at 526 (offset 45 lines).
> Hunk #9 succeeded at 523 (offset 10 lines).
> Hunk #10 FAILED at 539.
> Hunk #11 succeeded at 596 with fuzz 1 (offset 54 lines).
> Hunk #12 FAILED at 620.
> Hunk #13 FAILED at 637.
> Hunk #14 succeeded at 910 (offset 51 lines).
> Hunk #15 succeeded at 928 (offset 54 lines).
> Hunk #16 FAILED at 950.
> Hunk #17 succeeded at 1059 (offset 58 lines).
> Hunk #18 succeeded at 1125 (offset 52 lines).
> Hunk #19 succeeded at 1208 (offset 58 lines).
> Hunk #20 succeeded at 1221 (offset 52 lines).
> 8 out of 20 hunks FAILED -- saving rejects to file kernel/auditfilter.c.rej
> patching file kernel/auditsc.c
> Hunk #2 FAILED at 241.
> Hunk #3 succeeded at 288 (offset 1 line).
> Hunk #5 succeeded at 796 (offset 5 lines).
> 1 out of 6 hunks FAILED -- saving rejects to file kernel/auditsc.c.rej
>
> I think we are out of sync somewhere.
I based this patch off of the git tree, and I suspect the order in
which you are applying the patches does not follow the git tree.
Looking at the spec file for the lspp.9 kernel, I see:
Patch20010: linux-2.6-audit-git.patch
Patch20011: linux-2.6-audit-promisc.patch
Patch20012: linux-2.6-audit-tty.patch
Patch20013: linux-2.6-vm86-audit_syscall_exit.patch
Patch20014: linux-2.6-audit-string-1.patch
Patch20015: linux-2.6-audit-string-2.patch
Patch20016: linux-2.6-audit-inotify-api.patch
Patch20017: linux-2.6-audit-rule-log.patch
Patch20018: linux-2.6-audit_log_exit-gfp_mask.patch
Patch20019: linux-2.6-audit-fix-operators.patch
In the git tree master.b1 branch, I see a different ordering:
Patch20013: linux-2.6-vm86-audit_syscall_exit.patch
Patch20018: linux-2.6-audit_log_exit-gfp_mask.patch
Patch20014: linux-2.6-audit-string-1.patch
Patch20015: linux-2.6-audit-string-2.patch
Patch20016: linux-2.6-audit-inotify-api.patch
Patch20017: linux-2.6-audit-rule-log.patch
Patch20012: linux-2.6-audit-tty.patch
And these patches aren't included:
Patch20011: linux-2.6-audit-promisc.patch
Patch20019: linux-2.6-audit-fix-operators.patch
The last patch I posted was supposed to replace audit-string-2.patch
(as audit-watch.patch or something similar). I think if you used the
git tree ordering, you wouldn't see as many patch collisions.
Regards,
Amy
More information about the Linux-audit
mailing list