[Patch]Fix the bug of using "-S syscall -a list, action", no errors will be reported.

["chuli" <chul@cn.fujitsu.com>]

Hi Steve,

  When I use "-a user,always -S open", errors will be reported. But when I use
"-S open -a user,always", no errors will report. There is no corresponding
codes to deal with the later format.

  Here is my patch. Hope for your opinion about such modification.
  (I move the code for checking "task" list to the handle_request().)

Signed-off-by: Chu Li <chul@cn.fujitsu.com>
---
diff --git a/src/auditctl.c b/src/auditctl.c
index d740509..9cc3df0 100755
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -532,52 +532,40 @@ static int setopt(int count, char *vars[])
 		retval = -2;
 		break;
         case 'a':
-		if (strstr(optarg, "task") && audit_syscalladded) {
+		rc = audit_rule_setup(optarg, &add, &action);
+		if (rc == 3) {
+			fprintf(stderr,
+			"Multiple rule insert/delete operations are not allowed\n");
+			retval = -1;
+		} else if (rc == 2) {
 			fprintf(stderr,
-				"Syscall auditing requested for task list\n");
+			"Append rule - bad keyword %s\n",
+			optarg);
 			retval = -1;
-		} else {
-			rc = audit_rule_setup(optarg, &add, &action);
-			if (rc == 3) {
-				fprintf(stderr,
-		"Multiple rule insert/delete operations are not allowed\n");
-				retval = -1;
-			} else if (rc == 2) {
-				fprintf(stderr,
-					"Append rule - bad keyword %s\n",
-					optarg);
-				retval = -1;
-			} else if (rc == 1) {
-				fprintf(stderr,
-				    "Append rule - possible is deprecated\n");
-				return -3; /* deprecated - eat it */
-			} else
-				retval = 1; /* success - please send */
-		}
+		} else if (rc == 1) {
+			fprintf(stderr,
+		 	"Append rule - possible is deprecated\n");
+			return -3; /* deprecated - eat it */
+		} else
+			retval = 1; /* success - please send */
 		break;
         case 'A':
-		if (strstr(optarg, "task") && audit_syscalladded) {
-			fprintf(stderr,
-			   "Error: syscall auditing requested for task list\n");
+		rc = audit_rule_setup(optarg, &add, &action);
+		if (rc == 3) {
+			fprintf(stderr,
+			"Multiple rule insert/delete operations are not allowed\n");
 			retval = -1;
+		} else if (rc == 2) {
+			fprintf(stderr,
+			"Add rule - bad keyword %s\n", optarg);
+			retval = -1;
+		} else if (rc == 1) {
+			fprintf(stderr,
+			"Append rule - possible is deprecated\n");
+			return -3; /* deprecated - eat it */
 		} else {
-			rc = audit_rule_setup(optarg, &add, &action);
-			if (rc == 3) {
-				fprintf(stderr,
-		"Multiple rule insert/delete operations are not allowed\n");
-				retval = -1;
-			} else if (rc == 2) {
-				fprintf(stderr,
-				"Add rule - bad keyword %s\n", optarg);
-				retval = -1;
-			} else if (rc == 1) {
-				fprintf(stderr,
-				    "Append rule - possible is deprecated\n");
-				return -3; /* deprecated - eat it */
-			} else {
-				add |= AUDIT_FILTER_PREPEND;
-				retval = 1; /* success - please send */
-			}
+			add |= AUDIT_FILTER_PREPEND;
+			retval = 1; /* success - please send */
 		}
 		break;
         case 'd':
@@ -1167,6 +1155,27 @@ static int handle_request(int status)
 					audit_rule_syscallbyname_data(
 							rule_new, "all");
 			}
+			if(audit_syscalladded == 1){
+				if (((add & (AUDIT_FILTER_MASK|AUDIT_FILTER_UNSET)) ==
+					AUDIT_FILTER_TASK || (del &
+					(AUDIT_FILTER_MASK|AUDIT_FILTER_UNSET)) ==
+					AUDIT_FILTER_TASK)) {
+					fprintf(stderr,
+					"Error: syscall auditing being added to task list\n");
+					return -1;
+				} else if (((add & (AUDIT_FILTER_MASK|AUDIT_FILTER_UNSET)) ==
+					AUDIT_FILTER_USER || (del &
+					(AUDIT_FILTER_MASK|AUDIT_FILTER_UNSET)) ==
+					AUDIT_FILTER_USER)) {
+					fprintf(stderr,
+					"Error: syscall auditing being added to user list\n");
+					return -1;
+				} else if (exclude) {
+					fprintf(stderr,
+					"Error: syscall auditing cannot be put on exclude list\n");
+					return -1;
+				}
+			}
 			if (which == OLD) {
 				rc = audit_add_rule(fd, &rule, add, action);
 			} else {

Regards
Chu Li