On Wednesday 06 August 2008 04:15:17 Zhang Xiliang wrote: > I found some code is invalid in auditctl. > So I suggested to delete it.
OK, I guess this needs cleanup after changing PERM to require new rule format. > diff --git a/src/auditctl.c b/src/auditctl.c > index b356faa..93e84a0 100644 > --- a/src/auditctl.c > +++ b/src/auditctl.c > @@ -737,12 +737,7 @@ static int setopt(int count, char *vars[]) > switch (rc) > { > case 0: > - if (which == OLD && > - rule.fields[rule.field_count-1] == > - AUDIT_PERM) > - audit_permadded = 1; > - else if (which == NEW && > - > rule_new->fields[rule_new->field_count-1] == > + if > (rule_new->fields[rule_new->field_count-1] == AUDIT_PERM) > audit_permadded = 1; > break; I think I want to "and" this with which == NEW to make sure we don't index past something if the rules were still the old form. Updated and applied. Thanks for the patch ! -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit