Re: Double addition of rule yields two log messages
On Friday 19 May 2006 11:21, Michael C Thompson wrote:
Adding a rule successfully (i.e. not malformed and that rule
didn't
already exist) creates a log entry:
type=CONFIG_CHANGE msg=audit(1147986115.721:28510): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
This one is a failure. res=0. (I suspect you copied the wrong one.)
Then, adding the same rule again will resulting in an error message
being reported to the user saying that rule exists (although it uses the
work "File exists", which if that could be changed to "Rule exists",
might be nice).
I'll fix that.
However, despite this apparent failure, we get a log entry:
type=CONFIG_CHANGE msg=audit(1147986117.389:28511): auid=0
subj=root:staff_r:staff_t:s0-s15:c0.c255 add rule to list=2 res=0
This is reporting that an attempt was made to add a rule and it failed. When
you add a rule and it succeeds, res=1.
-Steve