From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yu Zhiguo Subject: the problem of option '-a', '-A', '-d' and '-D' Date: Mon, 21 Jul 2008 15:15:29 +0800 Message-ID: <48843791.10404@cn.fujitsu.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: audit-list List-Id: linux-audit@redhat.com Hello steve, Now options '-a', '-A', '-d' and '-D' can be used simultaneously in a rule, but just the last one of them is effective. This usage will make users confused, for example: # auditctl -a entry,always -F uid=500 -A task,always -F uid=600 -a exit,always is equal to: # auditctl -a exit,always -F uid=500 -F uid=600 I think we'd better not allow these options be used simultaneously, otherwise an error message will be reported. What's your opinion? If you agree with me, I'll make a patch. -- Regards Yu Zhiguo -------------------------------------------------- Yu Zhiguo Development Dept.I Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) 8/F., Civil Defense Building, No.189 Guangzhou Road, Nanjing, 210029, China TEL: +86+25-86630566-836 COINS: 79955-836 FAX: +86+25-83317685 MAIL: yuzg@cn.fujitsu.com -------------------------------------------------- This communication is for use by the intended recipient(s) only and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not an intended recipient of this communication, you are hereby notified that any dissemination, distribution or copying hereof is strictly prohibited. If you have received this communication in error, please notify me by reply e-mail, permanently delete this communication from your system, and destroy any hard copies you may have printed.