summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-08 17:38:31 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:24:45 -0500
commitb593d384efcff7bdf6beb1bc1bc69927977aee26 (patch)
tree9055ef0decc84dcbf0da67135535f0746e602e8e /kernel
parent50397bd1e471391d27f64efad9271459c913de87 (diff)
downloadop-kernel-dev-b593d384efcff7bdf6beb1bc1bc69927977aee26.zip
op-kernel-dev-b593d384efcff7bdf6beb1bc1bc69927977aee26.tar.gz
[AUDIT] create context if auditing was ever enabled
Disabling audit at runtime by auditctl doesn't mean that we can stop allocating contexts for new processes; we don't want to miss them when that sucker is reenabled. (based on work from Al Viro in the RHEL kernel series) Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit.c16
-rw-r--r--kernel/auditsc.c3
2 files changed, 15 insertions, 4 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 549b2f5..1242021 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -70,6 +70,7 @@ static int audit_initialized;
#define AUDIT_ON 1
#define AUDIT_LOCKED 2
int audit_enabled;
+int audit_ever_enabled;
/* Default state when kernel boots without any parameters. */
static int audit_default;
@@ -310,11 +311,17 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
{
+ int rc;
if (state < AUDIT_OFF || state > AUDIT_LOCKED)
return -EINVAL;
- return audit_do_config_change("audit_enabled", &audit_enabled, state,
- loginuid, sid);
+ rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
+ loginuid, sid);
+
+ if (!rc)
+ audit_ever_enabled |= !!state;
+
+ return rc;
}
static int audit_set_failure(int state, uid_t loginuid, u32 sid)
@@ -857,6 +864,7 @@ static int __init audit_init(void)
skb_queue_head_init(&audit_skb_queue);
audit_initialized = 1;
audit_enabled = audit_default;
+ audit_ever_enabled |= !!audit_default;
/* Register the callback with selinux. This callback will be invoked
* when a new policy is loaded. */
@@ -884,8 +892,10 @@ static int __init audit_enable(char *str)
printk(KERN_INFO "audit: %s%s\n",
audit_default ? "enabled" : "disabled",
audit_initialized ? "" : " (after initialization)");
- if (audit_initialized)
+ if (audit_initialized) {
audit_enabled = audit_default;
+ audit_ever_enabled |= !!audit_default;
+ }
return 1;
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6e03322..1c06ecf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -70,6 +70,7 @@
#include "audit.h"
extern struct list_head audit_filter_list[];
+extern int audit_ever_enabled;
/* AUDIT_NAMES is the number of slots we reserve in the audit_context
* for saving names from getname(). */
@@ -838,7 +839,7 @@ int audit_alloc(struct task_struct *tsk)
struct audit_context *context;
enum audit_state state;
- if (likely(!audit_enabled))
+ if (likely(!audit_ever_enabled))
return 0; /* Return if not auditing. */
state = audit_filter_task(tsk);
OpenPOWER on IntegriCloud