lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[AUDIT] create context if auditing was ever enabled

Browse Source 
Disabling audit at runtime by auditctl doesn't mean that we can
stop allocating contexts for new processes; we don't want to miss them
when that sucker is reenabled.

(based on work from Al Viro in the RHEL kernel series)

Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris
2008-01-08 17:38:31 -05:00
committed by Al Viro
parent 50397bd1e4
commit b593d384ef
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
kernel/audit.c
View File

@@ -70,6 +70,7 @@ static int audit_initialized;
#define AUDIT_ON 1
#define AUDIT_LOCKED 2
int audit_enabled;
int audit_ever_enabled;
/* Default state when kernel boots without any parameters. */
static int audit_default;
@@ -310,11 +311,17 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
{
int rc;
if (state < AUDIT_OFF || state > AUDIT_LOCKED)
return -EINVAL;
return audit_do_config_change("audit_enabled", &audit_enabled, state,
loginuid, sid);
rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
loginuid, sid);
if (!rc)
audit_ever_enabled |= !!state;
return rc;
}
static int audit_set_failure(int state, uid_t loginuid, u32 sid)
@@ -857,6 +864,7 @@ static int __init audit_init(void)
skb_queue_head_init(&audit_skb_queue);
audit_initialized = 1;
audit_enabled = audit_default;
audit_ever_enabled |= !!audit_default;
/* Register the callback with selinux. This callback will be invoked
* when a new policy is loaded. */
@@ -884,8 +892,10 @@ static int __init audit_enable(char *str)
printk(KERN_INFO "audit: %s%s\n",
audit_default ? "enabled" : "disabled",
audit_initialized ? "" : " (after initialization)");
if (audit_initialized)
if (audit_initialized) {
audit_enabled = audit_default;
audit_ever_enabled |= !!audit_default;
}
return 1;
}