On Monday, November 17, 2014 01:08:39 PM Richard Guy Briggs wrote:
> > Looks like good output to me, Steve?
>
> I would like it better if the following was tested as root:
>
> auditctl -s
> echo "1" > /proc/self/loginuid
> auditctl --loginuid-immutable
> auditctl -s
> echo "2" > /proc/self/loginuid
>
> This was we know that the feature is correctly reported, selected, and
> working.
This looks sane:
Thanks for testing this.
[root@f20 ~]# auditctl -s
enabled 1
flag 1
pid 307
rate_limit 0
backlog_limit 320
lost 0
backlog 0
backlog_wait_time 60000
loginuid_immutable 0 unlocked
[root@f20 ~]# echo "1" > /proc/self/loginuid
[root@f20 ~]# auditctl --loginuid-immutable
[root@f20 ~]# auditctl -s
enabled 1
flag 1
pid 307
rate_limit 0
backlog_limit 320
lost 0
backlog 0
backlog_wait_time 60000
loginuid_immutable 1 locked
[root@f20 ~]# echo "2" > /proc/self/loginuid
-bash: echo: write error: Operation not permitted
OK. Looks good to me, too.
-Steve