Hi Steve,
I just discovered that it is no longer possible to add syscall rules
based on an inode number. I believe this is due to your recent change
preventing a user from adding exit-based syscall rule fields to an
entry-based rule. This should fix it for inodes and the other fields
as well.
Regards,
Amy
diff -Nrup audit-1.0.2.orig/lib/libaudit.c audit-1.0.2/lib/libaudit.c
--- audit-1.0.2.orig/lib/libaudit.c 2005-08-08 15:16:10.000000000 -0400
+++ audit-1.0.2/lib/libaudit.c 2005-08-22 11:38:16.615787233 -0400
@@ -762,7 +762,7 @@ int audit_rule_fieldpair(struct audit_ru
case AUDIT_DEVMAJOR...AUDIT_SUCCESS:
if (flags == AUDIT_FILTER_ENTRY)
return -7;
- break;
+ /* fallthrough */
default:
rule->values[rule->field_count] = strtol(v, NULL, 0);
break;
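Review bot: With the `break` replaced by a fallthrough, values for the AUDIT_DEVMAJOR...AUDIT_SUCCESS fields now reach `strtol(v, NULL, 0)` in the `default` branch, and that call has no input validation. Because the end pointer is NULL, a non-numeric or partly numeric string (an inode value with a typo, say) is stored silently as 0 or as its leading digits, and an out-of-range value is clamped without `errno` being checked. The resulting rule would then be accepted but filter on the wrong value. Suggest passing an end pointer, checking that it reached the end of `v` and that `errno` is not ERANGE, and returning an error the way the `return -7` path above does.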