* the problem of option '-a', '-A', '-d' and '-D'
From: Yu Zhiguo @ 2008-07-21 7:15 UTC
To: Steve Grubb; +Cc: audit-list

Hello Steve,

Now options '-a', '-A', '-d' and '-D' can be used simultaneously in a rule,
but just the last one of them is effective.
This usage will make users confused, for example:

    # auditctl -a entry,always -F uid=500 -A task,always -F uid=600 -a exit,always

is equal to:

    # auditctl -a exit,always -F uid=500 -F uid=600

I think we'd better not allow these options be used simultaneously,
otherwise an error message will be reported.
What's your opinion? If you agree with me, I'll make a patch.

--
Regards
Yu Zhiguo

* Re: the problem of option '-a', '-A', '-d' and '-D'
From: Steve Grubb @ 2008-07-21 16:37 UTC
To: Yu Zhiguo; +Cc: audit-list

On Monday 21 July 2008 03:15:29 Yu Zhiguo wrote:
> I think we'd better not allow these options be used simultaneously,
> otherwise an error message will be reported.
> What's your opinion? If you agree with me, I'll make a patch.

Correct, it should not allow multiple rule insert/delete options.

-Steve

* Re: the problem of option '-a', '-A', '-d' and '-D' 2008-07-21 16:37 ` Steve Grubb @ 2008-07-22 1:24 ` Yu Zhiguo 2008-07-22 23:17 ` Steve Grubb 0 siblings, 1 reply; 4+ messages in thread From: Yu Zhiguo @ 2008-07-22 1:24 UTC (permalink / raw) To: Steve Grubb; +Cc: audit-list Hello Mr. Steve, This is the patch, can you apply it? If there are some deficiencies, please give me your indication. Steve Grubb wrote: >> What's your opinion? If you agree with me, I'll make a patch. > Correct, it should not allow multiple rule insert/delete options. > -Steve Now options '-a', '-A', '-d' can be used simultaneously in a rule, but just the last one of them is effective. This usage will make users confused. So it had better not allow these options be used simultaneously, otherwise an error message will be reported. Signed-off-by: Yu Zhiguo<yuzg@cn.fujitsu.com> --- src/auditctl.c | 27 +++++++++++++++++++++++---- 1 files changed, 23 insertions(+), 4 deletions(-) diff --git a/src/auditctl.c b/src/auditctl.c index 2c136ea..9f31067 100644 --- a/src/auditctl.c +++ b/src/auditctl.c @@ -165,9 +165,16 @@ static void usage(void) ); } -/* Returns 0 ok, 1 deprecated action, 2 error */ +/* + * Returns 0 ok, 1 deprecated action, 2 rule error, + * 3 multiple rule insert/delete + */ static int audit_rule_setup(const char *opt, int *flags, int *act) { + static int multiple = 0; + if (++multiple != 1) + return 3; + if (strstr(opt, "task")) *flags = AUDIT_FILTER_TASK; else if (strstr(opt, "entry")) @@ -530,7 +537,11 @@ static int setopt(int count, char *vars[]) retval = -1; } else { rc = audit_rule_setup(optarg, &add, &action); - if (rc > 1) { + if (rc == 3) { + fprintf(stderr, + "Multiple rule insert/delete operation is not allowed\n"); + retval = -1; + } else if (rc == 2) { fprintf(stderr, "Append rule - bad keyword %s\n", optarg); 
@@ -550,7 +561,11 @@ static int setopt(int count, char *vars[]) retval = -1; } else { rc = audit_rule_setup(optarg, &add, &action); - if (rc > 1) { + if (rc == 3) { + fprintf(stderr, + "Multiple rule insert/delete operation is not allowed\n"); + retval = -1; + } else if (rc == 2) { fprintf(stderr, "Add rule - bad keyword %s\n", optarg); retval = -1; @@ -566,7 +581,11 @@ static int setopt(int count, char *vars[]) break; case 'd': rc = audit_rule_setup(optarg, &del, &action); - if (rc > 1) { + if (rc == 3) { + fprintf(stderr, + "Multiple rule insert/delete operation is not allowed\n"); + retval = -1; + } else if (rc == 2) { fprintf(stderr, "Delete rule - bad keyword %s\n", optarg); retval = -1; ^ permalink raw reply related [flat|nested] 4+ messages in thread
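Review bot: In the @@ -165 hunk, "static int multiple" is incremented on every call to audit_rule_setup() and nothing in the patch resets it, so the function returns 3 for every call after the first for the life of the process, not only for a second -a/-A/-d within one rule. If setopt() is ever run more than once in a process, every rule after the first would be rejected. Suggest keeping the counter at file scope and clearing it wherever the per-rule state is reset, or doing the count in setopt() so that audit_rule_setup() stays free of hidden state.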
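Review bot: In the @@ -530 and @@ -550 hunks (and again in @@ -566), replacing "if (rc > 1)" with exact tests for 3 and 2 drops the catch-all: any other value above 1 that audit_rule_setup() returns in future no longer reaches an error branch here. Suggest testing "rc == 3" first and leaving the existing "rc > 1" branch in place for the rest. The identical fprintf and "retval = -1" block is also pasted into all three call sites; a small helper or a shared message constant would keep the wording in one place.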
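Review bot: -D is not covered. The @@ -566 hunk guards only "case 'd'", the two hunks before it guard the append and add cases, and the commit message lists only '-a', '-A' and '-d', while the thread subject and the original report also name '-D'. Either route -D through the same check or state in the commit message why it is excluded.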
* Re: the problem of option '-a', '-A', '-d' and '-D'
From: Steve Grubb @ 2008-07-22 23:17 UTC
To: Yu Zhiguo; +Cc: audit-list

On Monday 21 July 2008 21:24:54 Yu Zhiguo wrote:
> This is the patch, can you apply it?
> If there are some deficiencies, please give me your indication.

Looks good. Thanks for the patch.

-Steve