[PATCH 1/2] audit: restore AUDIT_LOGINUID unset ABI
Paul Moore
pmoore at redhat.com
Tue Dec 23 21:26:50 UTC 2014
On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote:
> A regression was caused by commit 780a7654cee8:
> audit: Make testing for a valid loginuid explicit.
> (which in turn attempted to fix a regression caused by e1760bd)
>
> When audit_krule_to_data() fills in the rules to get a listing, there was a
> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID.
>
> This broke userspace by not returning the same information that was sent and
> expected.
>
> The rule:
> auditctl -a exit,never -F auid=-1
> gives:
> auditctl -l
> LIST_RULES: exit,never f24=0 syscall=all
> when it should give:
> LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all
>
> Tag it so that it is reported the same way it was set. Create a new
> private flags audit_krule field (pflags) to store it that won't interact
> with the public one from the API.
>
> Cc: stable at vger.kernel.org # v3.10-rc1+
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> include/linux/audit.h | 4 ++++
> kernel/auditfilter.c | 10 ++++++++++
> 2 files changed, 14 insertions(+), 0 deletions(-)
Applied, thanks.
--
paul moore
security @ redhat
More information about the Linux-audit
mailing list