From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4 Description of problem: The mode reported by PATH records seems to be the parent dir permissions rather than the file that is listed: type=PATH msg=audit(06/07/05 13:54:22.683:3988791) : item=1 name=/mnt/target/etc/passwd.old inode=393217 dev=03:09 mode=dir,755 ouid=root ogid=root rdev=00:00 type=PATH msg=audit(06/07/05 13:54:22.683:3988791) : item=0 name=/mnt/target/etc/passwd inode=393217 dev=03:09 mode=dir,755 ouid=root ogid=root rdev=00:00 type=CWD msg=audit(06/07/05 13:54:22.683:3988791) : cwd=/home/sgrubb type=FS_WATCH msg=audit(06/07/05 13:54:22.683:3988791) : inode=393220 inode_uid=root inode_gid=root inode_dev=03:09 inode_rdev=00:00 type=FS_WATCH msg=audit(06/07/05 13:54:22.683:3988791) : watch_inode=393220 watch=passwd filterkey=test perm=read,write,exec,append perm_mask=write type=SYSCALL msg=audit(06/07/05 13:54:22.683:3988791) : arch=i386 syscall=rename success=yes exit=0 a0=bfff3be6 a1=bfff3bfd a2=80562a4 a3=bffeea30 items=2 pid=4137 auid=sgrubb uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=mv exe=/bin/mv This is misleading Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. New feature Additional info:
lookup flags (including the important LOOKUP_PARENT) flag are reported in the audit.61 build.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html