Hi,

The India team was seeing a lack of audit records in some of the syscalls tests,
so I did a little manual experimenting. With rules set for entry and exit for chown
and chmod, I found that I got records for chmod and not chown (same results if
I only have rules for one or the other). As root I created a file, su'ed to ealuser,
and tried to do chmod and chown on that file. A record was created for chmod but
not for chown. I su'ed back to root and successfully executed both commands;
again a record for chmod but not chown. We were getting records for chown on
the previous audit release. I haven't tried other syscalls to see how many might
have this problem.

Kris Wilson
Linux Security
(512) 838-0126 T/L:678-0126
krisw@us.ibm.com