Bug 15098 - vfs_full_audit logs 'all' if incorrect operation is used
Summary: vfs_full_audit logs 'all' if incorrect operation is used
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.15.7
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-15 19:09 UTC by Rowland Penny
Modified: 2022-06-17 16:08 UTC (History)
2 users (show)

See Also:


Attachments
git-am fix for master. (1.59 KB, patch)
2022-06-15 20:31 UTC, Jeremy Allison
no flags Details
git-am fix for master. (7.79 KB, patch)
2022-06-16 19:10 UTC, Jeremy Allison
no flags Details
git-am fix for 4.16.next, 4.15.next. (8.14 KB, patch)
2022-06-17 16:08 UTC, Jeremy Allison
jra: review? (slow)
jra: review? (rpenny)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Rowland Penny 2022-06-15 19:09:50 UTC
If you set 'full_audit:success = pwrite write rename' (for instance), then all operations will be logged (rename has been replaced with renameat).

Jeremy's comment on a recent mailing list post:

We should probably just log a debug message
about the unknown name and then ignore the
unknown name instead of going full "ALL"
on the audit.
Comment 1 Jeremy Allison 2022-06-15 20:31:15 UTC
Created attachment 17356 [details]
git-am fix for master.

Raw patch so I don't lose it. Now we need a test..
Comment 2 Jeremy Allison 2022-06-16 19:10:39 UTC
Created attachment 17365 [details]
git-am fix for master.

Added tests and man page update. Now to run through gitlab-ci.
Comment 3 Samba QA Contact 2022-06-17 02:19:04 UTC
This bug was referenced in samba master:

fe78d3c014d1756fe628175baeaa08c58e3e2f02
ec91a583708c57d0da28da7b70e6366153129c64
69bb8853f61212074a7095055fb3570660a1cc27
Comment 4 Jeremy Allison 2022-06-17 16:08:04 UTC
Created attachment 17369 [details]
git-am fix for 4.16.next, 4.15.next.

Cherry-picked from master.