From mboxrd@z Thu Jan 1 00:00:00 1970
From: zhangxiliang
Subject: Re: [PATCH 4/4] Add the checking of key field for a watch or syscall given
Date: Tue, 05 Aug 2008 14:47:26 +0800
Message-ID: <4897F77E.5060903@cn.fujitsu.com>
References: <48943410.5030400@cn.fujitsu.com> <200808042006.10991.sgrubb@redhat.com> <4897A095.7010605@cn.fujitsu.com> <200808042159.00711.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
In-Reply-To: <200808042159.00711.sgrubb@redhat.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb
Cc: Linux Audit
List-Id: linux-audit@redhat.com

Steve Grubb said the following on 2008-08-05 9:59:
> Right, but I don't see where it gets set to a 1.

Thank you for your suggestion.

I found that audit_permadded is set to 1 in audit_setup_perms() and setopt() after the AUDIT_PERM field. But I think it is not enough. When the watch is added and AUDIT_PERM is not added, the perm r,w,x,a should be added by kernel default. So I think audit_permadded should be set to 1 after a watch is added.

I made a new patch for it. The "key" patch and the new patch should be used together.

Subject: [PATCH] When the watch is set, the audit_permadded should be set to 1

Signed-off-by: Zhang Xiliang
---
 lib/libaudit.c | 6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/lib/libaudit.c b/lib/libaudit.c index 71267de..9a317c5 100644 --- a/lib/libaudit.c +++ b/lib/libaudit.c @@ -580,6 +580,8 @@ int audit_add_watch_dir(int type, struct audit_rule_data **rulep, rule->fieldflags[1] = AUDIT_EQUAL; rule->values[1] = AUDIT_PERM_READ | AUDIT_PERM_WRITE | AUDIT_PERM_EXEC | AUDIT_PERM_ATTR; + + audit_permadded = 1; return 0; }
@@ -941,6 +943,10 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, rule = *rulep; } strncpy(&rule->buf[offset], v, vlen); + + if(flags && (AUDIT_WATCH || AUDIT_DIR)) + audit_permadded = 1; + break; case AUDIT_ARCH: if (audit_syscalladded)
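
Review bot: In the audit_add_watch_dir() hunk (@@ -580), `audit_permadded = 1;` is added with no comment saying why a watch implies that permissions have been supplied. A one-line comment next to the assignment, noting that the rule already carries AUDIT_PERM_READ | AUDIT_PERM_WRITE | AUDIT_PERM_EXEC | AUDIT_PERM_ATTR in values[1], would make the link to the later key check clear. The hunk also never shows the flag being cleared, so please state in the commit message whether it is reset between rules; if it is not, one watch leaves it at 1 for every rule built afterwards in the same process.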
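
Review bot: In the audit_rule_fieldpair_data() hunk (@@ -941), the condition `if(flags && (AUDIT_WATCH || AUDIT_DIR))` does not test which field is being processed. `AUDIT_WATCH || AUDIT_DIR` is a logical OR of two non-zero constants, so it always evaluates to 1 and the test reduces to `flags != 0`. If the intent is to set audit_permadded only for watch and directory fields, compare the field variable used by the enclosing switch against AUDIT_WATCH and AUDIT_DIR; if the case labels above this code already restrict it to those fields, drop the constant part and say in a comment what `flags` is being tested for. As a style point, the rest of the visible code writes `if (` with a space.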