From: Joy Latten <latten@austin.ibm.com>
To: linux-audit@redhat.com
Subject: [PATCH 1/2] fix auditctl -D
Date: Fri, 28 Apr 2006 17:35:44 -0500 [thread overview]
Message-ID: <200604282235.k3SMZi02002180@faith.austin.ibm.com> (raw)
The fix for the problem of auditctl -D not working
consists of two patches. One is the userspace patch
and the other is for the kernel.
Below is the userspace patch. I added AUDIT_DEL_ALL flag.
Regards,
Joy
diff -urpN audit-1.1.5.orig/lib/msg_typetab.h audit-1.1.5/lib/msg_typetab.h
--- audit-1.1.5.orig/lib/msg_typetab.h 2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/lib/msg_typetab.h 2006-04-28 09:53:13.000000000 -0500
@@ -31,6 +31,7 @@
//_S(AUDIT_LIST, "LIST" )
//_S(AUDIT_ADD, "ADD" )
//_S(AUDIT_DEL, "DEL" )
+//_S(AUDIT_DEL_ALL, "DEL_ALL" )
_S(AUDIT_USER, "USER" )
_S(AUDIT_LOGIN, "LOGIN" )
//_S(AUDIT_SIGNAL_INFO, "SIGNAL_INFO" )
diff -urpN audit-1.1.5.orig/src/auditctl.c audit-1.1.5/src/auditctl.c
--- audit-1.1.5.orig/src/auditctl.c 2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/src/auditctl.c 2006-04-28 09:51:06.000000000 -0500
@@ -1104,62 +1104,12 @@ static int audit_print_reply(struct audi
/* Returns 0 for success and -1 for failure */
static int delete_all_rules(void)
{
- int seq, i;
- int timeout = 40; /* tenths of seconds */
- struct audit_reply rep;
- fd_set read_mask;
+ int rc = 0;
- /* list the rules */
- seq = audit_request_rules_list(fd);
- if (seq <= 0)
+ rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0);
+ if (rc < 0) {
+ fprintf(stderr, "Error deleting rule (%s)\n", strerror(-rc));
return -1;
-
- FD_ZERO(&read_mask);
- FD_SET(fd, &read_mask);
-
- for (i = 0; i < timeout; i++) {
- struct timeval t;
- int rc;
-
- t.tv_sec = 0;
- t.tv_usec = 100000; /* .1 second */
- do {
- rc = select(fd+1, &read_mask, NULL, NULL, &t);
- } while (rc < 0 && errno == EINTR);
- // We'll try to read just in case
- rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
- if (rc > 0) {
- /* Reset timeout */
- i = 0;
-
- /* Don't make decisions based on wrong packet */
- if (rep.nlh->nlmsg_seq != seq)
- continue;
-
- /* If we get done or error, break out */
- if (rep.type == NLMSG_DONE)
- break;
-
- if (rep.type == NLMSG_ERROR && rep.error->error) {
- fprintf(stderr,
- "Error receiving rules list (%s)\n",
- strerror(-rep.error->error));
- return -1;
- }
-
- /* If its not what we are expecting, keep looping */
- if (rep.type != AUDIT_LIST)
- continue;
-
- /* Found it, bounce it right back with delete */
- rc = audit_send(fd, AUDIT_DEL, rep.rule,
- sizeof(struct audit_rule));
- if (rc < 0) {
- fprintf(stderr, "Error deleting rule (%s)\n",
- strerror(-rc));
- return -1;
- }
- }
}
return 0;
next reply other threads:[~2006-04-28 22:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-28 22:35 Joy Latten [this message]
2006-04-28 23:04 ` [PATCH 1/2] fix auditctl -D Steve Grubb
2006-05-02 19:44 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200604282235.k3SMZi02002180@faith.austin.ibm.com \
--to=latten@austin.ibm.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox