Hello Steve,
I found some code is invalid in auditctl.
So I suggested to delete it.
Signed-off-by: Zhang Xiliang <[EMAIL PROTECTED]>
---
src/auditctl.c | 10 ++--------
1 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index b356faa..93e84a0 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -737,12 +737,7 @@ static int setopt(int count, char *vars[])
switch (rc)
{
case 0:
- if (which == OLD &&
- rule.fields[rule.field_count-1] ==
- AUDIT_PERM)
- audit_permadded = 1;
- else if (which == NEW &&
- rule_new->fields[rule_new->field_count-1] ==
+ if (rule_new->fields[rule_new->field_count-1] ==
AUDIT_PERM)
audit_permadded = 1;
break;
@@ -1385,8 +1380,7 @@ int key_match(struct audit_reply *rep)
}
if (((field >= AUDIT_SUBJ_USER && field <= AUDIT_OBJ_LEV_HIGH)
&& field != AUDIT_PPID) || field == AUDIT_WATCH ||
- field == AUDIT_WATCH || field == AUDIT_DIR ||
- field == AUDIT_FILTERKEY) {
+ field == AUDIT_DIR || field == AUDIT_FILTERKEY) {
boffset += rep->ruledata->values[i];
}
}
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
