[PATCH] Audit: make audit=0 actually turn off audit

Currently audit=0 on the kernel command line does absolutely nothing.
Audit always loads and always uses its resources such as creating the
kernel netlink socket. This patch causes audit=0 to actually disable
audit. Audit will use no resources and starting the userspace auditd
daemon will not cause the kernel audit system to activate.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by Eric Paris and committed by Al Viro a3f07114 218d11a8

+21 -7
+21 -7
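--- a/kernel/audit.c
+++ b/kernel/audit.c
@@
 
 #include "audit.h"
 
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
  * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED -1
+#define AUDIT_UNINITIALIZED 0
+#define AUDIT_INITIALIZED 1
 static int audit_initialized;
 
 #define AUDIT_OFF 0
@@
 {
 	int i;
 
+	if (audit_initialized == AUDIT_DISABLED)
+		return 0;
+
 	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 	       audit_default ? "enabled" : "disabled");
 	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@
 
 	skb_queue_head_init(&audit_skb_queue);
 	skb_queue_head_init(&audit_skb_hold_queue);
-	audit_initialized = 1;
+	audit_initialized = AUDIT_INITIALIZED;
 	audit_enabled = audit_default;
 	audit_ever_enabled |= !!audit_default;
 
@@
 static int __init audit_enable(char *str)
 {
 	audit_default = !!simple_strtol(str, NULL, 0);
-	printk(KERN_INFO "audit: %s%s\n",
-	       audit_default ? "enabled" : "disabled",
-	       audit_initialized ? "" : " (after initialization)");
-	if (audit_initialized) {
+	if (!audit_default)
+		audit_initialized = AUDIT_DISABLED;
+
+	printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+	if (audit_initialized == AUDIT_INITIALIZED) {
 		audit_enabled = audit_default;
 		audit_ever_enabled |= !!audit_default;
+	} else if (audit_initialized == AUDIT_UNINITIALIZED) {
+		printk(" (after initialization)");
+	} else {
+		printk(" (until reboot)");
 	}
+	printk("\n");
+
 	return 1;
 }
 
@@
 	int reserve;
 	unsigned long timeout_start = jiffies;
 
-	if (!audit_initialized)
+	if (audit_initialized != AUDIT_INITIALIZED)
 		return NULL;
 
 	if (unlikely(audit_filter_type(type)))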
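Review bot: In `audit_enable`, a value that `simple_strtol(str, NULL, 0)` cannot parse (a typo, or a word rather than a number) comes back as 0 and now sets `audit_initialized = AUDIT_DISABLED`, so a malformed `audit=` parameter turns auditing off until reboot rather than only changing the default. Since the result is a silent loss of audit records, the disable should be taken only for an explicit zero: pass an end pointer and reject the value with `if (end == str || *end != '\0')` before assigning `audit_default`, logging what was rejected. The early `return 0` in the init function also leaves `audit_sock` and both skb queues uninitialised, so any path outside these hunks that touches them without first checking `audit_initialized == AUDIT_INITIALIZED` should be confirmed safe. As a style point, the follow-up `printk(" (after initialization)")`, `printk(" (until reboot)")` and `printk("\n")` calls should carry `KERN_CONT` so the line is not split across log records.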