That's really strange. I'm running the .16 kernel and the audit-1.2
audit tools on an x86 and I'm not seeing the problem. I'll upgrade and
see what happens.
-- ljk
Loulwa Salem wrote:
This is a really strange problem .. seems like I have a knack for finding
those.
I am running lspp.18 kernel (SELinux in permissive mode), audit-1.2.1 on
an x86_64 system.
Here is what is happening .. someone else please try this and let me
know if you see the same problem...
# auditctl -w /tmp/file1 >> works fine
# auditctl -w /tmp/file6
Error sending add rule request (File exists)
# auditctl -w /tmp/afile
Error sending add rule request (File exists)
# auditctl -w /tmp/newfile >> works fine
# auditctl -w /tmp/thefile
Error sending add rule request (File exists)
Here is what I noticed from this pattern ... as long as the length of
the file name I am adding a watch on is the same, it says the watch
already exists... So I tried something else to see if only the file name
matters or the whole path length ...
# mkdir /foo
# auditctl -w /foo/file3 >> notice .. same length as /tmp/file1
Error sending add rule request (File exists)
# auditctl -w /foo/foofile >> notice .. same length as /tmp/newfile
Error sending add rule request (File exists)
# auditctl -w /foo/anotherfile >> works fine
So you see ... even using a different directory still says the watch
exists.
If this is happening with others .. this definitely seems like a bug to me.
Thanks,
-Loulwa
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit