Commit
rule.Rule.Build: Don't assume that no syscalls means all syscalls
Rule.Build assumes that if no syscalls are specified they all are set. This is really only the case when the exit list is used since the syscall numbers aren't available in the other lists. When we assume that all of the syscalls are enabled, we end up generating wireformat rules for e.g. 'task,never' that have all of the syscall bits set. That doesn't match what is already used when 'auditctl -a task,never' is used. It may be ignored by the kernel when such a rule is added, but it would cause problems when that rule is deleted.
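The mismatch the commit message describes, as an added Go sketch (not the project's own code). `wireRule`, `buildRule` and `exitOnly` are hypothetical names, the constants are the values from `linux/audit.h`, and it is an assumption here that the rule installed by `auditctl -a task,never` carries an empty syscall mask.

```go
package main

import "fmt"

// Values from linux/audit.h.
const (
	filterTask   = 0x01 // AUDIT_FILTER_TASK
	filterExit   = 0x04 // AUDIT_FILTER_EXIT
	actionNever  = 0    // AUDIT_NEVER
	actionAlways = 2    // AUDIT_ALWAYS
	bitmaskSize  = 64   // AUDIT_BITMASK_SIZE
)

// wireRule is a hypothetical, cut-down stand-in for the head of
// struct audit_rule_data (field arrays and buffer omitted).
type wireRule struct {
	Flags, Action uint32
	Mask          [bitmaskSize]uint32
}

// buildRule is a hypothetical helper. exitOnly=false models the behaviour
// before the fix, exitOnly=true the behaviour after it.
func buildRule(list, action uint32, syscalls []uint32, exitOnly bool) wireRule {
	r := wireRule{Flags: list, Action: action}
	switch {
	case len(syscalls) > 0:
		for _, n := range syscalls {
			if n < bitmaskSize*32 { // ignore numbers outside the mask
				r.Mask[n/32] |= 1 << (n % 32)
			}
		}
	case !exitOnly || list == filterExit:
		// "No syscalls means all syscalls" only makes sense on the exit list.
		for i := range r.Mask {
			r.Mask[i] = 0xFFFFFFFF
		}
	}
	return r
}

func main() {
	// Assumption: the rule installed by 'auditctl -a task,never' has an empty mask.
	installed := wireRule{Flags: filterTask, Action: actionNever}
	before := buildRule(filterTask, actionNever, nil, false)
	after := buildRule(filterTask, actionNever, nil, true)
	// The kernel compares the mask words when matching a rule for deletion.
	fmt.Println("before fix matches installed rule:", before == installed) // false
	fmt.Println("after fix matches installed rule: ", after == installed)  // true
}
```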