Re: [PATCH] [BZ905179] audit: omit check for uid and gid validity in audit rules and data

On Tuesday, April 16, 2013 03:38:23 PM Richard Guy Briggs wrote: > On Tue, Apr 09, 2013 at 02:39:32AM -0700, Eric W. Biederman wrote: > > Andrew Morton <akpm(a)linux-foundation.org&gt; writes: > > > On Wed, 20 Mar 2013 15:18:17 -0400 Richard Guy Briggs <rgb(a)redhat.com&gt; wrote: > > >> audit rule additions containing "-F auid!=4294967295" were failing with > > >> EINVAL.> > > The only case where this appears to make the least little bit of sense > > is if the goal of the test is to test to see if an audit logloginuid > > has been set at all. In which case depending on a test against > > 4294967295 is bogus because you are depending on an intimate internal > > kernel implementation detail. > > > > How about something like my untested patch below that add an explicit > > operation to test if loginuid has been set? > > Sorry for the delay in testing this, I had another urgent bug and a > belligerent test box... > > I like this approach better than mine now that I understand it. I've > tested the patch below without any changes. It works as expected with > my previous test case. I don't know if a Signed-off-by: is appropriate > for me in this case, but I'll throw in a: > > Tested-by: Richard Guy Briggs <rbriggs(a)redhat.com&gt; > > and recommend a: > > Reported-By: Steve Grubb <sbrubb(a)redhat.com&gt; If this is the approved patch, can it be put in stable? The audit system hasn't worked as intended since January.