Bug 447630
| Summary: | auditctl -w /path -F arch=... not allowed | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Miloslav Trmač <mitr> |
| Component: | audit | Assignee: | Steve Grubb <sgrubb> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 9 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-11-20 21:24:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Miloslav Trmač
2008-05-20 21:33:11 UTC
The second form is expected to fail. The -w rule construct is for backwards compatibility with RHEL4. Its limited to just -k and -p options. Any other option should fail. To use the advanced features of the new rule/watch system, you should express the rules in the form of syscall auditing with a path or dir field option. Thanks, I have modified system-config-audit to respect these rules. Other users might find them useful, please document them in auditctl(8). The existing error message should be more general, currently the error message reports something that obviously isn't true. I agree that this could be better explained. I'll see if we can update the man pages as well as auditctl. A better explanation was added in svn commit 193. Closing this out. Thanks for pointing out the documentation problem. |