[PATCH] audit: convert status version to a feature bitmap
Richard Guy Briggs
rgb at redhat.com
Mon Nov 17 18:16:18 UTC 2014
On 14/11/17, Steve Grubb wrote:
> On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote:
> > > > Looks like good output to me, Steve?
> > >
> > > I would like it better if the following was tested as root:
> > >
> > > auditctl -s
> > > echo "1" > /proc/self/loginuid
> > > auditctl --loginuid-immutable
> > > auditctl -s
> > > echo "2" > /proc/self/loginuid
> > >
> > > This was we know that the feature is correctly reported, selected, and
> > > working.
> >
> > This looks sane:
>
> Thanks for testing this.
>
> > [root at f20 ~]# auditctl -s
> > enabled 1
> > flag 1
> > pid 307
> > rate_limit 0
> > backlog_limit 320
> > lost 0
> > backlog 0
> > backlog_wait_time 60000
> > loginuid_immutable 0 unlocked
> > [root at f20 ~]# echo "1" > /proc/self/loginuid
> > [root at f20 ~]# auditctl --loginuid-immutable
> > [root at f20 ~]# auditctl -s
> > enabled 1
> > flag 1
> > pid 307
> > rate_limit 0
> > backlog_limit 320
> > lost 0
> > backlog 0
> > backlog_wait_time 60000
> > loginuid_immutable 1 locked
> > [root at f20 ~]# echo "2" > /proc/self/loginuid
> > -bash: echo: write error: Operation not permitted
>
> OK. Looks good to me, too.
I've added the test procedure to the bug report.
> -Steve
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list