Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit
It will also be in rawhide soon. The Changelog is:

- fchmod of log file was on wrong variable
- Allow use of errno strings for exit codes in audit rules

This release fixes a major bug that got introduced in the last release. The
code that fixes a permission problem was using the wrong variable. It happens
that the result was applied to /dev/null instead of the audit log. If you had
SELinux in enforcing mode, nothing happened; for everyone else... /dev/null
probably got messed up. Oopsie.

This release also lets you express audit rules with slightly more readable
exit codes. This means you can now do things like:

    auditctl -a always,exit -S open -F exit=-EPERM

Please let me know if you run across any problems with this release.

-Steve
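
The fchmod mix-up described above is a general hazard whenever a daemon holds several open descriptors. The following is an added example, not code from the audit daemon or from this message: the helper names set_log_mode, mode_of and demo, the 0640 mode and the /tmp path are all assumptions. It checks with fstat that a descriptor is a regular file before changing its mode, so a stray /dev/null descriptor is refused.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not auditd code): change a log file's mode only
 * after confirming the descriptor really refers to a regular file. */
int set_log_mode(int fd, mode_t mode)
{
    struct stat st;

    if (fd < 0 || fstat(fd, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))   /* /dev/null is a character device */
        return -1;
    return fchmod(fd, mode);
}

/* Permission bits of fd, or -1 on error. */
int mode_of(int fd)
{
    struct stat st;

    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Constructed scenario: the process holds a /dev/null descriptor and a
 * log descriptor. Returns 0 when the wrong one is refused and left
 * untouched while the right one is set to 0640. */
int demo(void)
{
    char path[] = "/tmp/auditlog-demo-XXXXXX";   /* constructed sample path */
    int null_fd = open("/dev/null", O_RDWR);
    int log_fd = mkstemp(path);
    int ok = 0;

    if (null_fd >= 0 && log_fd >= 0) {
        int before = mode_of(null_fd);
        ok = set_log_mode(null_fd, 0640) == -1  /* wrong variable: refused */
          && mode_of(null_fd) == before         /* /dev/null unchanged */
          && set_log_mode(log_fd, 0640) == 0
          && mode_of(log_fd) == 0640;
    }
    if (null_fd >= 0) close(null_fd);
    if (log_fd >= 0) { close(log_fd); unlink(path); }
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```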