From: Linda K. <lin...@hp...> - 2011-03-06 20:18:53
|
Paul Moore wrote: > On Wednesday, February 23, 2011 6:55:58 PM James Czyzak wrote: >> I lumped all these together because it's basically the same patch for >> multiple scripts using the auditctl command. There are 5 patches. > > It is okay to patch multiple files into a single patch, but posting multiple > patches in a single email makes it hard to apply your changes to source > repository - see the patch submission guidelines I just sent to the list. > >> The problem I ran into was the -w option of the command no longer seems to >> work in combination with the -a option The solution in the manpage is >> what I used. There could be some comments in this patch or just some >> white space differences that are unnecessary. I will try not to combine >> patches in the same email in the future >> >> #1 >> >> diff -uprN filter/tests/test_class_attr.bash >> ../../current/audit-test/filter/tests/test_class_attr.bash >> --- filter/tests/test_class_attr.bash 2008-03-12 07:20:26.000000000 -0700 >> +++ ../../current/audit-test/filter/tests/test_class_attr.bash >> 2010-07-29 12:49:47.000000000 -0700 >> @@ -25,8 +25,10 @@ source filter_functions.bash || exit 2 >> >> watch=$tmp1 >> >> -auditctl -a exit,always -w $watch -p a >> -prepend_cleanup "auditctl -d exit,always -w $watch -p a" >> +# auditctl -a exit,always -w $watch -p a >> +prepend_cleanup "auditctl -d exit,always -F path=$watch -F perm=a" >> + >> +auditctl -a exit,always -F path=$watch -F perm=a >> >> log_mark=$(stat -c %s $audit_log) > > I'm just going to comment on one of the files, since like you said, they are > all pretty much the same change. > > I'd much rather you simply remove the old code and not comment it out (the > auditctl command). Leaving old code around like that can be confusing at > times (why is that line commented out?) making the code harder to read and > bloating functions. One of the nice things about putting the code into a > revision control system is that if we ever need to get to the old code we can; > so don't worry about "losing" the old code, it will always be in the repo if > we need it. > > If you don't mind, this might be a good patch to revise and resubmit using the > suggested patch submission guidelines so you can get the hang of it. If you > have any questions or run into any problems, let me know. I ran into these problems and was starting to fix them when I recalled that Jim had submitted these patches. Since I really wanted a clean run, I went ahead and fixed these 5 files, taking Jim's additions and addressing Paul's comments. See https://sourceforge.net/mailarchive/message.php?msg_id=27161036 -- ljk > > -- > paul moore > linux @ hp > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer |