Revision b5fed474b98332559f2590c6bc90388a0899e793 authored by Jan Kara on 15 August 2017, 11:00:37 UTC, committed by Paul Moore on 15 August 2017, 20:03:00 UTC
Although audit_watch_handle_event() can handle FS_UNMOUNT event, it is not part of AUDIT_FS_WATCH mask and thus such event never gets to audit_watch_handle_event(). Thus fsnotify marks are deleted by fsnotify subsystem on unmount without audit being notified about that which leads to a strange state of existing audit rules with dead fsnotify marks. Add FS_UNMOUNT to the mask of events to be received so that audit can clean up its state accordingly. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Paul Moore <paul@paul-moore.com>
1 parent d76036a
makelst
#!/bin/sh
# A script to dump mixed source code & assembly
# with correct relocations from System.map
# Requires the following lines in makefile:
#%.lst: %.c
# $(CC) $(c_flags) -g -c -o $*.o $< &&
# $(srctree)/scripts/makelst $*.o System.map $(OBJDUMP) > $@
#
# Copyright (C) 2000 IBM Corporation
# Author(s): DJ Barrow (djbarrow@de.ibm.com,barrow_dj@yahoo.com)
# William Stearns <wstearns@pobox.com>
#
# awk style field access
field() {
shift $1 ; echo $1
}
t1=`$3 --syms $1 | grep .text | grep -m1 " F "`
if [ -n "$t1" ]; then
t2=`field 6 $t1`
if [ ! -r $2 ]; then
echo "No System.map" >&2
else
t3=`grep $t2 $2`
t4=`field 1 $t3`
t5=`field 1 $t1`
t6=`printf "%lu" $((0x$t4 - 0x$t5))`
fi
fi
$3 -r --source --adjust-vma=${t6:-0} $1
Computing file changes ...
