Bug 15098 - vfs_full_audit logs 'all' if incorrect operation is used
Summary: vfs_full_audit logs 'all' if incorrect operation is used
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.15.7
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-15 19:09 UTC by Rowland Penny
Modified: 2022-08-11 11:17 UTC (History)
2 users (show)

See Also:

Attachments
git-am fix for master. (1.59 KB, patch)
2022-06-15 20:31 UTC, Jeremy Allison 		no flags Details
git-am fix for master. (7.79 KB, patch)
2022-06-16 19:10 UTC, Jeremy Allison 		no flags Details
git-am fix for 4.16.next, 4.15.next. (8.14 KB, patch)
2022-06-17 16:08 UTC, Jeremy Allison 		jra: review? (slow)
rpenny: review-
Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rowland Penny 2022-06-15 19:09:50 UTC 
If you set 'full_audit:success = pwrite write rename' (for instance), then all operations will be logged (rename has been replaced with renameat).

Jeremy's comment on a recent mailing list post:

We should probably just log a debug message
about the unknown name and then ignore the
unknown name instead of going full "ALL"
on the audit.
Comment 1 Jeremy Allison 2022-06-15 20:31:15 UTC 
Created attachment 17356 [details]
git-am fix for master.

Raw patch so I don't lose it. Now we need a test..
Comment 2 Jeremy Allison 2022-06-16 19:10:39 UTC 
Created attachment 17365 [details]
git-am fix for master.

Added tests and man page update. Now to run through gitlab-ci.
Comment 3 Samba QA Contact 2022-06-17 02:19:04 UTC 
This bug was referenced in samba master:

fe78d3c014d1756fe628175baeaa08c58e3e2f02
ec91a583708c57d0da28da7b70e6366153129c64
69bb8853f61212074a7095055fb3570660a1cc27
Comment 4 Jeremy Allison 2022-06-17 16:08:04 UTC 
Created attachment 17369 [details]
git-am fix for 4.16.next, 4.15.next.

Cherry-picked from master.
Comment 5 Rowland Penny 2022-08-11 11:16:31 UTC 
closing as fixed