If I run the rmdir command with a directory path with a slash at its end,
Audit doesn't record the deleted directory path.
Audit rule:
-a always,exit -F dir=/sasdata -F arch=b64 -S creat -S open -S openat -S
unlink -S unlinkat -S symlink -S symlinkat -S link -S linkat -S rename -S
renameat -S chmo
Hello all,
As many of you are aware, normally with the close of the merge window
and the release of -rc1 I typically reset the selinux/next and
audit/next branches to Linus' -rc1 tag. However, as you may have
heard already, there is a nasty problem with the early v5.12 kernels,
including -rc1, wh
On Thu, Mar 4, 2021 at 5:04 AM Jeffrey Vander Stoep wrote:
> On Sat, Feb 20, 2021 at 3:45 PM Paul Moore wrote:
> > On Fri, Feb 19, 2021 at 9:57 PM James Morris wrote:
> > > On Fri, 19 Feb 2021, Paul Moore wrote:
> > > > diff --git a/drivers/android/binder.c b/drivers/android/binder.c
> > > > ind
On Wed, Mar 3, 2021 at 9:21 PM Casey Schaufler wrote:
> On 3/3/2021 4:46 PM, Paul Moore wrote:
...
> > Assuming you are still good with these changes Casey, any chance I can
> > get an ACK on the LSM and Smack patches?
>
> Yes. You can add my:
>
> Acked-by: Casey Schaufler
>
> to both.
Done, t
On Sat, Feb 20, 2021 at 3:45 PM Paul Moore wrote:
>
> On Fri, Feb 19, 2021 at 9:57 PM James Morris wrote:
> > On Fri, 19 Feb 2021, Paul Moore wrote:
> > > diff --git a/drivers/android/binder.c b/drivers/android/binder.c
> > > index c119736ca56ac..39d501261108d 100644
> > > --- a/drivers/android/b
Hello,
On Thursday, March 4, 2021 10:45:03 AM EST Ivan Castell wrote:
> Just testing different versions of audit, discovered that version 2.8.5 and
> 3.0.1 are changing permissions of /tmp from 1777 to 700. This is a problem
> as normal non-root users can't write in /tmp after starting autitd.
>
Hello all.
Just testing different versions of audit, discovered that version 2.8.5 and
3.0.1 are changing permissions of /tmp from 1777 to 700. This is a problem as
normal non-root users can't write in /tmp after starting autitd.
The problem is related with the daemon, as commenting this call: