[PATCH] Fix a bug of executing "aureport -a"
Peng Haitao
penght at cn.fujitsu.com
Sat Sep 20 03:39:36 UTC 2008
Hello steve,
Use option "-a" cannot report about avc messages, when message type is USER_AVC.
# echo "type=USER_AVC msg=audit(1221967380.698:35458): user pid=8185 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=6) : exe=\"?\" (sauid=81, hostname=?, addr=?, terminal=?)'" | aureport -a
AVC Report
========================================================
# date time comm subj syscall class permission obj event
========================================================
<no events of interest were found>
Signed-off-by: Peng Haitao <penght at cn.fujitsu.com>
---
src/aureport-scan.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/aureport-scan.c b/src/aureport-scan.c
index f42cf12..9374a02 100644
--- a/src/aureport-scan.c
+++ b/src/aureport-scan.c
@@ -449,6 +449,9 @@ static int per_event_detailed(llist *l)
if (list_find_msg(l, AUDIT_AVC)) {
print_per_event_item(l);
rc = 1;
+ } else if (list_find_msg(l, AUDIT_USER_AVC)) {
+ print_per_event_item(l);
+ rc = 1;
}
break;
case RPT_MAC:
--
1.5.3
--
Regards
Peng Haitao
More information about the Linux-audit
mailing list