From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
From: Attila Lakatos <Cropi@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:22:00 +0200
Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)

Some audit operators were not displayed properly
because auditctl used the "=" operator in all
the scenarios mentioned above.

Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
Conflict:NA

---
 src/auditctl-listing.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
index 57ae1837..9c322670 100644
--- a/src/auditctl-listing.c
+++ b/src/auditctl-listing.c
@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
 					printf("-w %.*s", r->values[i],
 						&r->buf[boffset]);
 				else
-					printf(" -F path=%.*s",	r->values[i],
+					printf(" -F path%s%.*s",
+						audit_operator_to_symbol(op),
+						r->values[i],
 						&r->buf[boffset]);
 				boffset += r->values[i];
 			} else if (field == AUDIT_DIR) {
@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
 					printf("-w %.*s", r->values[i],
 						&r->buf[boffset]);
 				else
-					printf(" -F dir=%.*s", r->values[i],
+					printf(" -F dir%s%.*s",
+						audit_operator_to_symbol(op),
+						r->values[i],
 						&r->buf[boffset]);
 
 				boffset += r->values[i];
 			} else if (field == AUDIT_EXE) {
-				printf(" -F exe=%.*s",
+				printf(" -F exe%s%.*s",
+					audit_operator_to_symbol(op),
 					r->values[i], &r->buf[boffset]);
 				boffset += r->values[i];
 			} else if (field == AUDIT_FILTERKEY) {
-- 
2.33.0