From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <pmoore@redhat.com>
Subject: Re: [PATCH 1/2] audit: restore AUDIT_LOGINUID unset ABI
Date: Tue, 23 Dec 2014 16:46:57 -0500
Message-ID: <1906288.1bgkasPrxq@sifl>
References: <0ad534ae39833d9825cee056c6d01c3bd4ae28f8.1419357176.git.rgb@redhat.com>
	<1666274.HYbdZVvp2J@sifl>
	<CACLa4pv2J8DZDv3p3YmxFeCfkmOrWjdrWkaTuUZYkA-5AMjmAQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <CACLa4pv2J8DZDv3p3YmxFeCfkmOrWjdrWkaTuUZYkA-5AMjmAQ@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: "Paris, Eric" <eparis@parisplace.org>
Cc: Richard Guy Briggs <rgb@redhat.com>, linux-audit@redhat.com, "Eric W. Biederman" <ebiederm@xmission.com>
List-Id: linux-audit@redhat.com

On Tuesday, December 23, 2014 04:41:42 PM Paris, Eric wrote:
> Me likie much more.

Yeah, me too.

> On Tue, Dec 23, 2014 at 4:26 PM, Paul Moore <pmoore@redhat.com> wrote:
> > On Tuesday, December 23, 2014 01:02:04 PM Richard Guy Briggs wrote:
> >> A regression was caused by commit 780a7654cee8:
> >>        audit: Make testing for a valid loginuid explicit.
> >> 
> >> (which in turn attempted to fix a regression caused by e1760bd)
> >> 
> >> When audit_krule_to_data() fills in the rules to get a listing, there was
> >> a
> >> missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID.
> >> 
> >> This broke userspace by not returning the same information that was sent
> >> and expected.
> >> 
> >> The rule:
> >>       auditctl -a exit,never -F auid=-1
> >> 
> >> gives:
> >>       auditctl -l
> >>       
> >>               LIST_RULES: exit,never f24=0 syscall=all
> >> 
> >> when it should give:
> >>               LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all
> >> 
> >> Tag it so that it is reported the same way it was set.  Create a new
> >> private flags audit_krule field (pflags) to store it that won't interact
> >> with the public one from the API.
> >> 
> >> Cc: stable@vger.kernel.org # v3.10-rc1+
> >> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> >> ---
> >> 
> >>  include/linux/audit.h |    4 ++++
> >>  kernel/auditfilter.c  |   10 ++++++++++
> >>  2 files changed, 14 insertions(+), 0 deletions(-)
> > 
> > Applied, thanks.
> > 
> > --
> > paul moore
> > security @ redhat

-- 
paul moore
security @ redhat