[PATCH ghak114 V1] audit: enforce op for string fields

Paul Moore paul at paul-moore.com
Wed May 29 13:11:25 UTC 2019 

On Tue, May 28, 2019 at 6:22 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2019-05-28 18:00, Paul Moore wrote:
> > On Wed, May 22, 2019 at 5:52 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> > >
> > > The field operator is ignored on several string fields.  WATCH, DIR,
> > > PERM and FILETYPE field operators are completely ignored and meaningless
> > > since the op is not referenced in audit_filter_rules().  Range and
> > > bitwise operators are already addressed in ghak73.
> > >
> > > Honour the operator for WATCH, DIR, PERM, FILETYPE fields as is done in
> > > the EXE field.
> > >
> > > Please see github issue
> > > https://github.com/linux-audit/audit-kernel/issues/114
> > > ---
> > >  kernel/auditsc.c | 18 +++++++++++++++---
> > >  1 file changed, 15 insertions(+), 3 deletions(-)
> >
> > While the patch looks fine, it is missing your sign-off.  If you reply
> > to this thread with it, I'll go ahead and add to the patch when
> > merging.
>
> GHAK!  Sorry about that!
>
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
>
> It passed checkpatch.pl when that code was in the ghak73 patch.  :-)

Yeah, but that means nothing when you post it as a separate patch.  I
don't really want an explanation of your workflow, I'm just asking you
to spend some time and sort it out, especially since I think this has
happened at least once before (a split patch not being checked).  The
missing sign-off is relatively harmless and easily fixed, but the
omission hints that perhaps the normal checks/testing are not being
done before posting and that is what worries me.

Anyway, it's now merged into audit/next with the proper sign-offs.

> > I'm sure everyone is tired of hearing me complain about people not
> > checking their patches, but this is something that would have been
> > caught by running ./scripts/checkpatch.pl against your patch (the
> > entire patch, not just the code portion).  If you aren't running your
> > full patch through checkpatch already, it is easy to do (there are
> > likely other ways too, these are just the two that I use):
> >
> > * using git
> > # git format-patch --stdout -1 <commit_id> | ./scripts/checkpatch.pl -
> >
> > * using stgit (my favorite)
> > # stg export -s <patch> | ./scripts/checkpatch.pl -
>
> Nice, it even works for a series...

Yes, stgit isn't for everyone, but it is easily one of my favorite
development tools (despite a few annoying quirks).

-- 
paul moore
www.paul-moore.com

More information about the Linux-audit mailing list