[PATCH] Audit: make audit=0 actually turn off audit

Currently audit=0 on the kernel command line does absolutely nothing.
Audit always loads and always uses its resources such as creating the
kernel netlink socket. This patch causes audit=0 to actually disable
audit. Audit will use no resources and starting the userspace auditd
daemon will not cause the kernel audit system to activate.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by Eric Paris and committed by Al Viro a3f07114 218d11a8

+21 -7
+21 -7
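--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,8 +61,11 @@
 
 #include "audit.h"
 
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
 * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED -1
+#define AUDIT_UNINITIALIZED 0
+#define AUDIT_INITIALIZED 1
 static int audit_initialized;
 
 #define AUDIT_OFF 0
@@ -965,6 +968,9 @@
 {
 int i;
 
+if (audit_initialized == AUDIT_DISABLED)
+return 0;
+
 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 audit_default ? "enabled" : "disabled");
 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@
 
 skb_queue_head_init(&audit_skb_queue);
 skb_queue_head_init(&audit_skb_hold_queue);
-audit_initialized = 1;
+audit_initialized = AUDIT_INITIALIZED;
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
 
@@ -999,13 +1005,21 @@
 static int __init audit_enable(char *str)
 {
 audit_default = !!simple_strtol(str, NULL, 0);
-printk(KERN_INFO "audit: %s%s\n",
-audit_default ? "enabled" : "disabled",
-audit_initialized ? "" : " (after initialization)");
-if (audit_initialized) {
+if (!audit_default)
+audit_initialized = AUDIT_DISABLED;
+
+printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+if (audit_initialized == AUDIT_INITIALIZED) {
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
+} else if (audit_initialized == AUDIT_UNINITIALIZED) {
+printk(" (after initialization)");
+} else {
+printk(" (until reboot)");
 }
+printk("\n");
+
 return 1;
 }
 
@@ -1146,7 +1160,7 @@
 int reserve;
 unsigned long timeout_start = jiffies;
 
-if (!audit_initialized)
+if (audit_initialized != AUDIT_INITIALIZED)
 return NULL;
 
 if (unlikely(audit_filter_type(type)))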
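Review bot: In audit_enable, `simple_strtol(str, NULL, 0)` is called without an end pointer, so a value it cannot parse (a typo, for instance) comes back as 0 and, through the added `if (!audit_default) audit_initialized = AUDIT_DISABLED;`, now switches audit off until reboot. As far as the visible hunks show, audit_init then returns before the netlink socket is created and audit_log_start returns NULL; both functions continue outside their hunks. Going by the commit message, a zero previously only set a default that starting auditd could still override, so a malformed or tampered `audit=` argument now costs the whole boot's audit trail. I would parse with `long v = simple_strtol(str, &end, 0);` and, on `if (end == str || *end != '\0')`, warn and leave audit_default untouched, and I would log the disabled case above KERN_INFO so the `audit: disabled (until reboot)` message is easy to alert on. The follow-up calls `printk(" (until reboot)")` and `printk("\n")` carry no log level, so an unrelated message can land between the pieces; choosing the suffix first and issuing a single printk would keep the line intact.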