[AUDIT] create context if auditing was ever enabled

Disabling audit at runtime by auditctl doesn't mean that we can
stop allocating contexts for new processes; we don't want to miss them
when that sucker is reenabled.

(based on work from Al Viro in the RHEL kernel series)

Signed-off-by: Eric Paris <eparis@redhat.com>

authored by Eric Paris and committed by Al Viro b593d384 50397bd1

+15 -4
+13 -3
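--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -70,6 +70,7 @@
 #define AUDIT_ON 1
 #define AUDIT_LOCKED 2
 int audit_enabled;
+int audit_ever_enabled;
 
 /* Default state when kernel boots without any parameters. */
 static int audit_default;
@@ -311,11 +310,17 @@
 
 static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
 {
+int rc;
 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
 return -EINVAL;
 
-return audit_do_config_change("audit_enabled", &audit_enabled, state,
-loginuid, sid);
+rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
+loginuid, sid);
+
+if (!rc)
+audit_ever_enabled |= !!state;
+
+return rc;
 }
 
 static int audit_set_failure(int state, uid_t loginuid, u32 sid)
@@ -864,6 +857,7 @@
 skb_queue_head_init(&audit_skb_queue);
 audit_initialized = 1;
 audit_enabled = audit_default;
+audit_ever_enabled |= !!audit_default;
 
 /* Register the callback with selinux. This callback will be invoked
 * when a new policy is loaded. */
@@ -892,8 +884,10 @@
 printk(KERN_INFO "audit: %s%s\n",
 audit_default ? "enabled" : "disabled",
 audit_initialized ? "" : " (after initialization)");
-if (audit_initialized)
+if (audit_initialized) {
 audit_enabled = audit_default;
+audit_ever_enabled |= !!audit_default;
+}
 return 1;
 }
 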
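Review bot: The new global `audit_ever_enabled` in the first hunk has no comment, and its contract is not obvious from the name: every write to it in this file is an `|=`, so it is a one-way latch that stays set after audit is switched off again. I would document that at the definition, for example `/* Set once audit has been enabled at boot or at runtime; never cleared. */`. It is also worth stating there that a task forked while the flag is still 0 gets no audit context from the check in kernel/auditsc.c, so the first runtime enable presumably still does not cover tasks that were already running.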
+2 -1
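--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -70,6 +70,7 @@
 #include "audit.h"
 
 extern struct list_head audit_filter_list[];
+extern int audit_ever_enabled;
 
 /* AUDIT_NAMES is the number of slots we reserve in the audit_context
 * for saving names from getname(). */
@@ -839,7 +838,7 @@
 struct audit_context *context;
 enum audit_state state;
 
-if (likely(!audit_enabled))
+if (likely(!audit_ever_enabled))
 return 0; /* Return if not auditing. */
 
 state = audit_filter_task(tsk);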
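Review bot: The trailing comment on the early return in the second hunk, `/* Return if not auditing. */`, no longer matches the condition, which now tests `audit_ever_enabled` rather than `audit_enabled`. Something like `return 0; /* Audit was never enabled; no context needed. */` would keep a reader from assuming that contexts stop being allocated when audit is turned off. Separately, the first hunk declares `extern int audit_ever_enabled;` in the .c file; moving that declaration into the already-included "audit.h" would let the compiler check it against the definition in kernel/audit.c. The function containing the changed check starts and ends outside the hunk.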