Bug 156325 - auditctl output ends with a spurious 'No rules' message
auditctl output ends with a spurious 'No rules' message
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: audit (Show other bugs)
rawhide
All Linux
medium Severity low
: ---
: ---
Assigned To: Steve Grubb
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-28 18:05 EDT by Ziga Mahkovec
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 0.7.3-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-06 10:26:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ziga Mahkovec 2005-04-28 18:05:09 EDT
Description of problem:
When an audit rule without a field is added, auditctl will append a "No rules"
message to the list.

Version-Release number of selected component (if applicable):
audit-0.7.1-1

How reproducible:
always

Steps to Reproduce:

# auditctl -D
No rules

# auditctl -a exit,always -S open
AUDIT_LIST: exit always syscall=open
No rules

# auditctl -l
AUDIT_LIST: exit always syscall=open
No rules

# auditctl -a exit,always -S open -F success=0
AUDIT_LIST: exit always syscall=open
AUDIT_LIST: exit always success=0 syscall=open

# auditctl -l
AUDIT_LIST: exit always syscall=open
AUDIT_LIST: exit always success=0 syscall=open

  
Actual results:
The first list command's result ends with a "No rules" message.

Expected results:
Only the rule should be listed, as is the case when the second rule is added.
Comment 1 Steve Grubb 2005-04-28 18:33:07 EDT
Thanks for the report. I see the same problem. I'll try to get a new package out
soon.
Comment 2 Ziga Mahkovec 2005-05-06 09:59:21 EDT
No longer seeing this with audit-0.7.3-2.
Comment 3 Steve Grubb 2005-05-06 10:26:41 EDT
Good. I made some changes to the netlink communication protocol to try and
resolve it. I will consider this fixed. Thanks for the feedback.

Note You need to log in before you can comment on or make changes to this bug.