[PATCH] audit: convert status version to a feature bitmap
Steve Grubb
sgrubb at redhat.com
Mon Nov 17 18:11:30 UTC 2014
On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote:
> > > Looks like good output to me, Steve?
> >
> > I would like it better if the following was tested as root:
> >
> > auditctl -s
> > echo "1" > /proc/self/loginuid
> > auditctl --loginuid-immutable
> > auditctl -s
> > echo "2" > /proc/self/loginuid
> >
> > This way we know that the feature is correctly reported, selected, and
> > working.
>
> This looks sane:
Thanks for testing this.
> [root at f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 0 unlocked
> [root at f20 ~]# echo "1" > /proc/self/loginuid
> [root at f20 ~]# auditctl --loginuid-immutable
> [root at f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 1 locked
> [root at f20 ~]# echo "2" > /proc/self/loginuid
> -bash: echo: write error: Operation not permitted
OK. Looks good to me, too.
-Steve