[PATCH v1] auditctl: check for a watch before adding perm
Steve Grubb
sgrubb at redhat.com
Thu Oct 28 21:14:43 UTC 2021
On Thursday, October 28, 2021 3:48:57 PM EDT Richard Guy Briggs wrote:
> The existing check would never trigger since add and del are defaulted to
> AUDIT_FILTER_UNSET which is not zero.
Thanks! Applied.
-Steve
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> src/auditctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/auditctl.c b/src/auditctl.c
> index ca6905b2884e..06bb747c5fd2 100644
> --- a/src/auditctl.c
> +++ b/src/auditctl.c
> @@ -1020,7 +1020,7 @@ process_keys:
> }
> break;
> case 'p':
> - if (!add && !del) {
> + if (add == AUDIT_FILTER_UNSET && del == AUDIT_FILTER_UNSET) {
> audit_msg(LOG_ERR,
> "permission option needs a watch given prior to it");
> retval = -1;
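Review bot: in the `case 'p':` condition, comparing both `add` and `del` against AUDIT_FILTER_UNSET only establishes that some earlier option set one of them, while the error text promises that a watch specifically was given. If any other option can also set `add` or `del`, `-p` will still be accepted without a watch, so it is worth either testing the watch state directly or adding a short comment stating why an add/del value other than AUDIT_FILTER_UNSET implies a watch at this point. Since the old `!add && !del` form silently never fired, the remaining option cases in this switch should be checked for the same zero-test idiom, and a test that passes `-p` with no preceding watch and expects the -1 return would keep this from regressing.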