public inbox for linux-audit@redhat.com
* the problem of option '-a', '-A', '-d' and '-D'
From: Yu Zhiguo @ 2008-07-21  7:15 UTC
  To: Steve Grubb; +Cc: audit-list

Hello Steve,

  Now options '-a', '-A', '-d' and '-D' can be used simultaneously in a rule,
but just the last one of them is effective.
  This usage will make users confused, for example:
  # auditctl -a entry,always -F uid=500 -A task,always -F uid=600 -a exit,always
  is equal to:
  # auditctl -a exit,always -F uid=500 -F uid=600

  I think we'd better not allow these options to be used simultaneously,
otherwise an error message will be reported.
  What's your opinion? If you agree with me, I'll make a patch.

-- 
Regards
Yu Zhiguo
--------------------------------------------------
Yu Zhiguo
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-836
COINS: 79955-836
FAX: +86+25-83317685
MAIL: yuzg@cn.fujitsu.com
--------------------------------------------------
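
The combination described in the message above, as an added example that is not part of the original thread and is not auditctl code: a simplified C model (`parse_rule` and `struct rule` are hypothetical names) in which each `-a`/`-A`/`-d` overwrites the previous one while `-F` fields accumulate, plus a strict mode that rejects a second such option. `-D` and all other options are left out of the model.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not auditctl source; models only -a, -A, -d, -F. */
#define MAX_FIELDS 8

struct rule {
    char op;                        /* last of 'a', 'A', 'd' seen */
    const char *list;               /* its argument, e.g. "exit,always" */
    const char *fields[MAX_FIELDS]; /* every -F argument, in order */
    int nfields, nops;              /* nops: number of -a/-A/-d given */
};

/* Returns 0 ok, -1 malformed input, -2 strict mode and a second -a/-A/-d. */
int parse_rule(int argc, char **argv, int strict, struct rule *r)
{
    memset(r, 0, sizeof(*r));       /* state is per call, nothing is static */
    for (int i = 0; i < argc; i += 2) {
        const char *o = argv[i];
        if (o[0] != '-' || o[1] == '\0' || o[2] != '\0' || i + 1 >= argc)
            return -1;
        switch (o[1]) {
        case 'a': case 'A': case 'd':
            if (++r->nops > 1 && strict)
                return -2;          /* reject instead of overwriting */
            r->op = o[1];           /* lenient mode: last option wins */
            r->list = argv[i + 1];
            break;
        case 'F':
            if (r->nfields == MAX_FIELDS)
                return -1;
            r->fields[r->nfields++] = argv[i + 1];
            break;
        default:
            return -1;
        }
    }
    return r->nops ? 0 : -1;
}

int main(void)
{
    char *argv[] = { "-a", "entry,always", "-F", "uid=500", "-A",
                     "task,always", "-F", "uid=600", "-a", "exit,always" };
    struct rule r;
    int rc = parse_rule(10, argv, 0, &r);   /* command line from the thread */
    printf("lenient rc=%d: -%c %s, %d fields\n", rc, r.op, r.list, r.nfields);
    printf("strict  rc=%d\n", parse_rule(10, argv, 1, &r));
    return 0;
}
```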

* Re: the problem of option '-a', '-A', '-d' and '-D'
From: Steve Grubb @ 2008-07-21 16:37 UTC
  To: Yu Zhiguo; +Cc: audit-list

On Monday 21 July 2008 03:15:29 Yu Zhiguo wrote:
>   I think we'd better not allow these options to be used simultaneously,
> otherwise an error message will be reported.
>   What's your opinion? If you agree with me, I'll make a patch.

Correct, it should not allow multiple rule insert/delete options.

-Steve


* Re: the problem of option '-a', '-A', '-d' and '-D'
From: Yu Zhiguo @ 2008-07-22  1:24 UTC
  To: Steve Grubb; +Cc: audit-list

Hello Mr. Steve,

  This is the patch, can you apply it?
  If there are some deficiencies, please give me your indication.

Steve Grubb wrote:
>>   What's your opinion? If you agree with me, I'll make a patch.
> Correct, it should not allow multiple rule insert/delete options.
> -Steve

Now options '-a', '-A', '-d' can be used simultaneously in a rule,
but just the last one of them is effective. This usage will make
users confused.
So it had better not allow these options to be used simultaneously,
otherwise an error message will be reported.

Signed-off-by: Yu Zhiguo <yuzg@cn.fujitsu.com>
---
  src/auditctl.c |   27 +++++++++++++++++++++++----
  1 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..9f31067 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -165,9 +165,16 @@ static void usage(void)
       );
  }

-/* Returns 0 ok, 1 deprecated action, 2 error */
+/*
+ * Returns 0 ok, 1 deprecated action, 2 rule error,
+ * 3 multiple rule insert/delete
+ */
  static int audit_rule_setup(const char *opt, int *flags, int *act)
  {
+	static int multiple = 0;
+	if (++multiple != 1)
+		return 3;
+
  	if (strstr(opt, "task"))
  		*flags = AUDIT_FILTER_TASK;
  	else if (strstr(opt, "entry"))
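Review bot: `multiple` in audit_rule_setup() is a function-local static that is incremented on every call and never reset, so it counts calls for the lifetime of the process rather than options within one rule. If setopt() is ever run more than once in a process (for example once per line of a rules file), every rule after the first would get rc 3 even though it carries a single -a/-A/-d. A file-scope counter that the caller clears before parsing each rule, or a flag kept in setopt() itself, avoids that. The check also runs before the keyword is parsed, so a repeated option with a bad keyword is reported only as a multiple-operation error.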
@@ -530,7 +537,11 @@ static int setopt(int count, char *vars[])
  			retval = -1;
  		} else {
  			rc = audit_rule_setup(optarg, &add, &action);
-			if (rc > 1) {
+			if (rc == 3) {
+				fprintf(stderr,
+					"Multiple rule insert/delete operation is not allowed\n");
+				retval = -1;
+			} else if (rc == 2) {
  				fprintf(stderr,
  					"Append rule - bad keyword %s\n",
  					optarg);
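Review bot: in the Append branch, `else if (rc == 2)` narrows the old `rc > 1` test, so a return value above 3 added later would no longer be treated as an error here. Testing `rc == 3` first and keeping `rc > 1` for the second branch, or switching on rc with a default that sets retval = -1, keeps unknown codes failing closed. Named constants for the four return values, instead of numbers documented only in the comment above audit_rule_setup(), would help the three call sites stay in sync.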
@@ -550,7 +561,11 @@ static int setopt(int count, char *vars[])
  			retval = -1;
  		} else {
  			rc = audit_rule_setup(optarg, &add, &action);
-			if (rc > 1) {
+			if (rc == 3) {
+				fprintf(stderr,
+					"Multiple rule insert/delete operation is not allowed\n");
+				retval = -1;
+			} else if (rc == 2) {
  				fprintf(stderr,
  				"Add rule - bad keyword %s\n", optarg);
  				retval = -1;
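Review bot: the "Multiple rule insert/delete operation is not allowed" fprintf in the Add branch is the second of three identical copies of the same string and retval assignment. Moving the rc 3 handling into one small helper shared by the Append, Add and Delete cases removes the duplication and keeps the wording from drifting. The message also does not say which option triggered it; including the offending option would make the error easier to act on.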
@@ -566,7 +581,11 @@ static int setopt(int count, char *vars[])
  		break;
          case 'd':
  		rc = audit_rule_setup(optarg, &del, &action);
-		if (rc > 1) {
+		if (rc == 3) {
+			fprintf(stderr,
+				"Multiple rule insert/delete operation is not allowed\n");
+			retval = -1;
+		} else if (rc == 2) {
  			fprintf(stderr, "Delete rule - bad keyword %s\n",
  				optarg);
  			retval = -1;
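Review bot: the 'd' case is the last call site changed and nothing in the patch touches -D, although the thread subject and the original report list it together with -a, -A and -d. The commit message names only '-a', '-A', '-d'; it should say whether -D combined with a rule option is deliberately still accepted, or the patch should add the same check for it.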


* Re: the problem of option '-a', '-A', '-d' and '-D'
From: Steve Grubb @ 2008-07-22 23:17 UTC
  To: Yu Zhiguo; +Cc: audit-list

On Monday 21 July 2008 21:24:54 Yu Zhiguo wrote:
>   This is the patch, can you apply it?
>   If there are some deficiencies, please give me your indication.

Looks good. Thanks for the patch.

-Steve
