search

linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
Other
137 stars 36 forks source link

BUG: INTEGRITY_POLICY_RULE violates audit message format #113

Open rgbriggs opened 5 years ago

rgbriggs commented 5 years ago

As noted in https://github.com/linux-audit/audit-kernel/issues/52#issuecomment-331922702 commit 3dd0c8d06511c7c61c62305fcf431ca28884d263 ("ima: provide ">" and "<" operators for fowner/uid/euid rules") violates audit message format by using ">" and "<" as field/value separators.

One suggestion how to address this is in https://github.com/linux-audit/audit-kernel/issues/52#issuecomment-371368604 .