From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael C Thompson <thompsmc@us.ibm.com>
Subject: Double addition of rule yields two log messages
Date: Fri, 19 May 2006 10:21:57 -0500
Message-ID: <446DE295.8040503@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k4JFMCaZ028305
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:12 -0400
Received: from e6.ny.us.ibm.com (e6.ny.us.ibm.com [32.97.182.146])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k4JFM9g8019777
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:09 -0400
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e6.ny.us.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	k4JFM4qe023813
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:04 -0400
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64])
	by d01relay04.pok.ibm.com (8.12.10/NCO/VER6.8) with ESMTP id
	k4JFM2sL200978
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:04 -0400
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1])
	by d01av04.pok.ibm.com (8.12.11/8.13.3) with ESMTP id k4JFM1AS007229
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:01 -0400
Received: from [127.0.0.1] ([9.41.46.77])
	by d01av04.pok.ibm.com (8.12.11/8.12.11) with ESMTP id k4JFM1vX007194
	for <linux-audit@redhat.com>; Fri, 19 May 2006 11:22:01 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hey all,

Adding a rule successfully (i.e. not malformed and that rule didn't 
already exist) creates a log entry:
type=CONFIG_CHANGE msg=audit(1147986115.721:28510): auid=0 
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0

Then, adding the same rule again will resulting in an error message 
being reported to the user saying that rule exists (although it uses the 
work "File exists", which if that could be changed to "Rule exists", 
might be nice). However, despite this apparent failure, we get a log entry:
type=CONFIG_CHANGE msg=audit(1147986117.389:28511): auid=0 
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0

Most FYI, not sure if this is a problem or not.

Mike