audit/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch

From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
From: Attila Lakatos <Cropi@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:22:00 +0200
Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)

Some audit operators were not displayed properly
because auditctl used the "=" operator in all
the scenarios mentioned above.

Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
Conflict:NA

---
 src/auditctl-listing.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
index 57ae1837..9c322670 100644
--- a/src/auditctl-listing.c
+++ b/src/auditctl-listing.c
@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
 					printf("-w %.*s", r->values[i],
 						&r->buf[boffset]);
 				else
-					printf(" -F path=%.*s",	r->values[i],
+					printf(" -F path%s%.*s",
+						audit_operator_to_symbol(op),
+						r->values[i],
 						&r->buf[boffset]);
 				boffset += r->values[i];
 			} else if (field == AUDIT_DIR) {
@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
 					printf("-w %.*s", r->values[i],
 						&r->buf[boffset]);
 				else
-					printf(" -F dir=%.*s", r->values[i],
+					printf(" -F dir%s%.*s",
+						audit_operator_to_symbol(op),
+						r->values[i],
 						&r->buf[boffset]);
 
 				boffset += r->values[i];
 			} else if (field == AUDIT_EXE) {
-				printf(" -F exe=%.*s",
+				printf(" -F exe%s%.*s",
+					audit_operator_to_symbol(op),
 					r->values[i], &r->buf[boffset]);
 				boffset += r->values[i];
 			} else if (field == AUDIT_FILTERKEY) {
-- 
2.33.0
y 2024-08-24 14:26:19 +08:00			`From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001`
			`From: Attila Lakatos <Cropi@users.noreply.github.com>`
			`Date: Wed, 12 Jun 2024 18:22:00 +0200`
			`Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)`

			`Some audit operators were not displayed properly`
			`because auditctl used the "=" operator in all`
			`the scenarios mentioned above.`

			`Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898`
			`Conflict:NA`

			`---`
			`src/auditctl-listing.c \| 11 ++++++++---`
			`1 file changed, 8 insertions(+), 3 deletions(-)`

			`diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c`
			`index 57ae1837..9c322670 100644`
			`--- a/src/auditctl-listing.c`
			`+++ b/src/auditctl-listing.c`
			`@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)`
			`printf("-w %.*s", r->values[i],`
			`&r->buf[boffset]);`
			`else`
			`- printf(" -F path=%.*s", r->values[i],`
			`+ printf(" -F path%s%.*s",`
			`+ audit_operator_to_symbol(op),`
			`+ r->values[i],`
			`&r->buf[boffset]);`
			`boffset += r->values[i];`
			`} else if (field == AUDIT_DIR) {`
			`@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)`
			`printf("-w %.*s", r->values[i],`
			`&r->buf[boffset]);`
			`else`
			`- printf(" -F dir=%.*s", r->values[i],`
			`+ printf(" -F dir%s%.*s",`
			`+ audit_operator_to_symbol(op),`
			`+ r->values[i],`
			`&r->buf[boffset]);`

			`boffset += r->values[i];`
			`} else if (field == AUDIT_EXE) {`
			`- printf(" -F exe=%.*s",`
			`+ printf(" -F exe%s%.*s",`
			`+ audit_operator_to_symbol(op),`
			`r->values[i], &r->buf[boffset]);`
			`boffset += r->values[i];`
			`} else if (field == AUDIT_FILTERKEY) {`
			`--`
			`2.33.0`