test patch for auditctl inter-field comparisons on euid/uid, egid/gid
Steve Grubb
sgrubb at redhat.com
Thu Dec 15 13:36:02 UTC 2011
On Thursday, December 15, 2011 01:55:53 AM Stephen Quinney wrote:
> On Wed, Dec 14, 2011 at 05:18:30PM -0800, Peter Moody wrote:
> > diff --git a/trunk/auparse/typetab.h b/trunk/auparse/typetab.h
> > index 746573c..cf13f4d 100644
> > --- a/trunk/auparse/typetab.h
> > +++ b/trunk/auparse/typetab.h
> > @@ -32,6 +32,8 @@ _S(AUPARSE_TYPE_UID, "iuid" )
> >
> > _S(AUPARSE_TYPE_UID, "id" )
> > _S(AUPARSE_TYPE_UID, "inode_uid" )
> > _S(AUPARSE_TYPE_UID, "sauid" )
> >
> > +_S(AUPARSE_TYPE_UID, "obj_uid" )
> > +_S(AUPARSE_TYPE_UID, "obj_gid" )
> >
> > _S(AUPARSE_TYPE_GID, "gid" )
> > _S(AUPARSE_TYPE_GID, "egid" )
> > _S(AUPARSE_TYPE_GID, "sgid" )
>
> I don't know the code particularly well but from reading the patch it
> strikes me that in this chunk "obj_gid" should probably be
> AUPARSE_TYPE_GID rather than AUPARSE_TYPE_UID.
Yeah, good catch. I can fix this when I apply the patch to svn. No need to re-
send unless there is something else needing fixing as well.
-Steve
More information about the Linux-audit
mailing list