On 14/11/17, Steve Grubb wrote:
On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote:
> > > Looks like good output to me, Steve?
> >
> > I would like it better if the following was tested as root:
> >
> > auditctl -s
> > echo "1" > /proc/self/loginuid
> > auditctl --loginuid-immutable
> > auditctl -s
> > echo "2" > /proc/self/loginuid
> >
> > This way we know that the feature is correctly reported, selected, and
> > working.
>
> This looks sane:
Thanks for testing this.
> [root@f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 0 unlocked
> [root@f20 ~]# echo "1" > /proc/self/loginuid
> [root@f20 ~]# auditctl --loginuid-immutable
> [root@f20 ~]# auditctl -s
> enabled 1
> flag 1
> pid 307
> rate_limit 0
> backlog_limit 320
> lost 0
> backlog 0
> backlog_wait_time 60000
> loginuid_immutable 1 locked
> [root@f20 ~]# echo "2" > /proc/self/loginuid
> -bash: echo: write error: Operation not permitted
OK. Looks good to me, too.
I've added the test procedure to the bug report.
-Steve
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
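
The test procedure from this thread as a script, added here as an example; it is not part of the original messages or the audit project's code. It parses `auditctl -s` output and checks the 0 to 1 transition. The function names, the `--live` switch and the trimmed sample status text are assumptions made for the example; the live run needs root and changes kernel audit state.

```shell
#!/bin/bash
# Added example: check the loginuid_immutable field reported by `auditctl -s`.

# Print the loginuid_immutable value (0 or 1) from status text on stdin;
# print "absent" if the field is not reported at all.
loginuid_immutable_value() {
    awk '$1 == "loginuid_immutable" { print $2; found = 1 }
         END { if (!found) print "absent" }'
}

# Succeed only if the field went from 0 (before) to 1 (after).
# $1 = status text before the change, $2 = status text after it.
verify_lock_transition() {
    before=$(printf '%s\n' "$1" | loginuid_immutable_value)
    after=$(printf '%s\n' "$2" | loginuid_immutable_value)
    [ "$before" = "0" ] && [ "$after" = "1" ]
}

# Live run of the thread's procedure (root only, alters kernel audit state).
run_live_test() {
    before=$(auditctl -s)
    echo "1" > /proc/self/loginuid || return 1
    auditctl --loginuid-immutable || return 1
    after=$(auditctl -s)
    verify_lock_transition "$before" "$after" || return 1
    # With the feature set, a second write must be refused.
    if echo "2" > /proc/self/loginuid 2>/dev/null; then
        return 1
    fi
    # The value written before the feature was set must still be in place.
    [ "$(cat /proc/self/loginuid)" = "1" ]
}

# Constructed samples, trimmed from the status output quoted in the thread.
SAMPLE_BEFORE='enabled 1
backlog_wait_time 60000
loginuid_immutable 0 unlocked'
SAMPLE_AFTER='enabled 1
backlog_wait_time 60000
loginuid_immutable 1 locked'

# Hypothetical switch for this example: run the real procedure only on request.
if [ "${1:-}" = "--live" ]; then
    run_live_test && echo "PASS" || echo "FAIL"
fi
```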