Bug 507561

Summary: Removal of directory doesn't produce audit record if rule is recursive
Product: Red Hat Enterprise Linux 5 Reporter: RHEL Program Management <pm-rhel>
Component: kernelAssignee: Jiri Pirko <jpirko>
Status: CLOSED ERRATA QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.3CC: dhoward, dzickus, emcnabb, iboverma, jplans, mmcallis, pm-eus, rkhan
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-04 13:16:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 501321    
Bug Blocks:    

Description RHEL Program Management 2009-06-23 10:30:30 UTC
This bug has been copied from bug #501321 and has been proposed
to be backported to 5.3 z-stream (EUS).

Comment 3 Jiri Pirko 2009-07-07 10:59:47 UTC
in kernel-2.6.18-128.1.17.el

Comment 6 Murray McAllister 2009-08-03 00:56:13 UTC
Bug description:

* using an audit rule to recursively watch a directory, and then deleting
that directory, only resulted in an audit record of the audit rule being
removed, and not the directory.

Comment 8 errata-xmlrpc 2009-08-04 13:16:23 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.