From mboxrd@z Thu Jan  1 00:00:00 1970
From: Amy Griffis <amy.griffis@hp.com>
Subject: Re: [PATCH] fix ppid bug in 2.6.18 kernel
Date: Mon, 28 Aug 2006 14:59:16 -0400
Message-ID: <20060828185916.GA16805@fc.hp.com>
References: <200608261406.21274.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k7SIxcN7028383
	for <linux-audit@redhat.com>; Mon, 28 Aug 2006 14:59:38 -0400
Received: from atlrel7.hp.com (atlrel7.hp.com [156.153.255.213])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k7SIxcvX005152
	for <linux-audit@redhat.com>; Mon, 28 Aug 2006 14:59:38 -0400
Received: from smtp1.fc.hp.com (smtp1.fc.hp.com [15.15.136.127])
	by atlrel7.hp.com (Postfix) with ESMTP id 25D89350BB
	for <linux-audit@redhat.com>; Mon, 28 Aug 2006 14:59:33 -0400 (EDT)
Received: from ldl.fc.hp.com (linux-bugs.fc.hp.com [15.11.146.30])
	by smtp1.fc.hp.com (Postfix) with ESMTP id EF37478DE9
	for <linux-audit@redhat.com>; Mon, 28 Aug 2006 18:59:32 +0000 (UTC)
Received: from localhost (ldl.lart [127.0.0.1])
	by ldl.fc.hp.com (Postfix) with ESMTP id B328A1344C5
	for <linux-audit@redhat.com>; Mon, 28 Aug 2006 12:59:32 -0600 (MDT)
Received: from ldl.fc.hp.com ([127.0.0.1])
	by localhost (ldl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 26079-09 for <linux-audit@redhat.com>;
	Mon, 28 Aug 2006 12:59:29 -0600 (MDT)
Content-Disposition: inline
In-Reply-To: <200608261406.21274.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Steve Grubb wrote:  [Sat Aug 26 2006, 02:06:20PM EDT]
> Hello,
> 
> During some troubleshooting, I found that ppid was accidentally omitted from
> the legacy rule section. This resulted in EINVAL for any rule with ppid sent
> with AUDIT_ADD.

AUDIT_PPID was recently added, so shouldn't be supported for the
legacy structure.  Instead auditctl should use struct audit_rule_data
for rules with AUDIT_PPID.

> Signed-off-by: Steve Grubb <sgrubb@redhat.com>
> 
> 
> diff -urp linux-2.6.17.x86_64.orig/kernel/auditfilter.c linux-2.6.17.x86_64/kernel/auditfilter.c
> --- linux-2.6.17.x86_64.orig/kernel/auditfilter.c	2006-08-26 13:50:19.000000000 -0400
> +++ linux-2.6.17.x86_64/kernel/auditfilter.c	2006-08-26 13:52:30.000000000 -0400
> @@ -413,6 +413,7 @@ static struct audit_entry *audit_rule_to
>  		case AUDIT_PERS:
>  		case AUDIT_ARCH:
>  		case AUDIT_MSGTYPE:
> +		case AUDIT_PPID:
>  		case AUDIT_DEVMAJOR:
>  		case AUDIT_DEVMINOR:
>  		case AUDIT_EXIT:
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>