What is the bug

All, Consider the following raw audit event ... node=fedora20.swtf.dyndns.org type=CONFIG_CHANGE msg=audit(1390028319.573:20803): auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 op="remove rule" key="time-change" list=4 res=1 When the auparse library parses this event event, it does not correctly parse the 'op' value and so both auparse_get_field_str() and auparse_interpret_field() both return '"remove' rather than 'remove rule'. Now, I seem to recollect an earlier e-mail that would suggest the bug is in kernel/auditfilter.c:audit_receive_filter() as it calls audit_log_rule_change() with the string "add rule" or "remove rule". One assumes we need to perhaps either a. replace the space with a hyphen in these arguments, or b. in kernel/auditfilter.c:audit_log_rule_change() replace the call audit_log_string(ab, action); with audit_log_untrustedstring(ab, action); If this is the case, then is there any appetite to have these bugs fixed on the next update to the kernel audit code? Thanks in advance Burn