Description of problem: When an audit rule without a field is added, auditctl will append a "No rules" message to the list. Version-Release number of selected component (if applicable): audit-0.7.1-1 How reproducible: always Steps to Reproduce: # auditctl -D No rules # auditctl -a exit,always -S open AUDIT_LIST: exit always syscall=open No rules # auditctl -l AUDIT_LIST: exit always syscall=open No rules # auditctl -a exit,always -S open -F success=0 AUDIT_LIST: exit always syscall=open AUDIT_LIST: exit always success=0 syscall=open # auditctl -l AUDIT_LIST: exit always syscall=open AUDIT_LIST: exit always success=0 syscall=open Actual results: The first list command's result ends with a "No rules" message. Expected results: Only the rule should be listed, as is the case when the second rule is added.
Thanks for the report. I see the same problem. I'll try to get a new package out soon.
No longer seeing this with audit-0.7.3-2.
Good. I made some changes to the netlink communication protocol to try and resolve it. I will consider this fixed. Thanks for the feedback.