[PATCH 1/2] audit: restore AUDIT_LOGINUID unset ABI
Richard Guy Briggs
rgb at redhat.com
Tue Dec 23 23:02:41 UTC 2014
On 14/12/23, Paul Moore wrote:
> On Tuesday, December 23, 2014 04:41:42 PM Paris, Eric wrote:
> > Me likie much more.
>
> Yeah, me too.
Good, thanks for your patience guys.
> > On Tue, Dec 23, 2014 at 4:26 PM, Paul Moore <pmoore at redhat.com> wrote:
> > > On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote:
> > >> A regression was caused by commit 780a7654cee8:
> > >> audit: Make testing for a valid loginuid explicit.
> > >>
> > >> (which in turn attempted to fix a regression caused by e1760bd)
> > >>
> > >> When audit_krule_to_data() fills in the rules to get a listing, there was
> > >> a
> > >> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID.
> > >>
> > >> This broke userspace by not returning the same information that was sent
> > >> and expected.
> > >>
> > >> The rule:
> > >> auditctl -a exit,never -F auid=-1
> > >>
> > >> gives:
> > >> auditctl -l
> > >>
> > >> LIST_RULES: exit,never f24=0 syscall=all
> > >>
> > >> when it should give:
> > >> LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all
> > >>
> > >> Tag it so that it is reported the same way it was set. Create a new
> > >> private flags audit_krule field (pflags) to store it that won't interact
> > >> with the public one from the API.
> > >>
> > >> Cc: stable at vger.kernel.org # v3.10-rc1+
> > >> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> > >> ---
> > >>
> > >> include/linux/audit.h | 4 ++++
> > >> kernel/auditfilter.c | 10 ++++++++++
> > >> 2 files changed, 14 insertions(+), 0 deletions(-)
> > >
> > > Applied, thanks.
> > >
> > > paul moore
>
> paul moore
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list