[PATCH 1/2] fix auditctl -D

The fix for the problem of auditctl -D not working consists of two patches. One is the userspace patch and the other is for the kernel. Below is the userspace patch. I added AUDIT_DEL_ALL flag. Regards, Joy diff -urpN audit-1.1.5.orig/lib/msg_typetab.h audit-1.1.5/lib/msg_typetab.h --- audit-1.1.5.orig/lib/msg_typetab.h 2006-04-27 15:46:56.000000000 -0500 +++ audit-1.1.5/lib/msg_typetab.h 2006-04-28 09:53:13.000000000 -0500 @@ -31,6 +31,7 @@ //_S(AUDIT_LIST, "LIST" ) //_S(AUDIT_ADD, "ADD" ) //_S(AUDIT_DEL, "DEL" ) +//_S(AUDIT_DEL_ALL, "DEL_ALL" ) _S(AUDIT_USER, "USER" ) _S(AUDIT_LOGIN, "LOGIN" ) //_S(AUDIT_SIGNAL_INFO, "SIGNAL_INFO" ) diff -urpN audit-1.1.5.orig/src/auditctl.c audit-1.1.5/src/auditctl.c --- audit-1.1.5.orig/src/auditctl.c 2006-04-27 15:46:56.000000000 -0500 +++ audit-1.1.5/src/auditctl.c 2006-04-28 09:51:06.000000000 -0500 @@ -1104,62 +1104,12 @@ static int audit_print_reply(struct audi /* Returns 0 for success and -1 for failure */ static int delete_all_rules(void) { - int seq, i; - int timeout = 40; /* tenths of seconds */ - struct audit_reply rep; - fd_set read_mask; + int rc = 0; - /* list the rules */ - seq = audit_request_rules_list(fd); - if (seq <= 0) + rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0); + if (rc < 0) { + fprintf(stderr, "Error deleting rule (%s)\n", strerror(-rc)); return -1; - - FD_ZERO(&read_mask); - FD_SET(fd, &read_mask); - - for (i = 0; i < timeout; i++) { - struct timeval t; - int rc; - - t.tv_sec = 0; - t.tv_usec = 100000; /* .1 second */ - do { - rc = select(fd+1, &read_mask, NULL, NULL, &t); - } while (rc < 0 && errno == EINTR); - // We'll try to read just in case - rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); - if (rc > 0) { - /* Reset timeout */ - i = 0; - - /* Don't make decisions based on wrong packet */ - if (rep.nlh->nlmsg_seq != seq) - continue; - - /* If we get done or error, break out */ - if (rep.type == NLMSG_DONE) - break; - - if (rep.type == NLMSG_ERROR && rep.error->error) { - fprintf(stderr, - "Error receiving rules list (%s)\n", - strerror(-rep.error->error)); - return -1; - } - - /* If its not what we are expecting, keep looping */ - if (rep.type != AUDIT_LIST) - continue; - - /* Found it, bounce it right back with delete */ - rc = audit_send(fd, AUDIT_DEL, rep.rule, - sizeof(struct audit_rule)); - if (rc < 0) { - fprintf(stderr, "Error deleting rule (%s)\n", - strerror(-rc)); - return -1; - } - } } return 0;