diff options
author | Eric Paris | 2008-01-08 23:38:31 +0100 |
---|---|---|
committer | Al Viro | 2008-02-01 20:24:45 +0100 |
commit | b593d384efcff7bdf6beb1bc1bc69927977aee26 (patch) | |
tree | 9055ef0decc84dcbf0da67135535f0746e602e8e | |
parent | [AUDIT] clean up audit_receive_msg() (diff) | |
download | kernel-qcow2-linux-b593d384efcff7bdf6beb1bc1bc69927977aee26.tar.gz kernel-qcow2-linux-b593d384efcff7bdf6beb1bc1bc69927977aee26.tar.xz kernel-qcow2-linux-b593d384efcff7bdf6beb1bc1bc69927977aee26.zip |
[AUDIT] create context if auditing was ever enabled
Disabling audit at runtime by auditctl doesn't mean that we can
stop allocating contexts for new processes; we don't want to miss them
when that sucker is reenabled.
(based on work from Al Viro in the RHEL kernel series)
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | kernel/audit.c | 16 | ||||
-rw-r--r-- | kernel/auditsc.c | 3 |
2 files changed, 15 insertions, 4 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 549b2f55b649..1242021c7a6d 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -70,6 +70,7 @@ static int audit_initialized; #define AUDIT_ON 1 #define AUDIT_LOCKED 2 int audit_enabled; +int audit_ever_enabled; /* Default state when kernel boots without any parameters. */ static int audit_default; @@ -310,11 +311,17 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) static int audit_set_enabled(int state, uid_t loginuid, u32 sid) { + int rc; if (state < AUDIT_OFF || state > AUDIT_LOCKED) return -EINVAL; - return audit_do_config_change("audit_enabled", &audit_enabled, state, - loginuid, sid); + rc = audit_do_config_change("audit_enabled", &audit_enabled, state, + loginuid, sid); + + if (!rc) + audit_ever_enabled |= !!state; + + return rc; } static int audit_set_failure(int state, uid_t loginuid, u32 sid) @@ -857,6 +864,7 @@ static int __init audit_init(void) skb_queue_head_init(&audit_skb_queue); audit_initialized = 1; audit_enabled = audit_default; + audit_ever_enabled |= !!audit_default; /* Register the callback with selinux. This callback will be invoked * when a new policy is loaded. */ @@ -884,8 +892,10 @@ static int __init audit_enable(char *str) printk(KERN_INFO "audit: %s%s\n", audit_default ? "enabled" : "disabled", audit_initialized ? "" : " (after initialization)"); - if (audit_initialized) + if (audit_initialized) { audit_enabled = audit_default; + audit_ever_enabled |= !!audit_default; + } return 1; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6e03322e155b..1c06ecf38d7b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -70,6 +70,7 @@ #include "audit.h" extern struct list_head audit_filter_list[]; +extern int audit_ever_enabled; /* AUDIT_NAMES is the number of slots we reserve in the audit_context * for saving names from getname(). */ @@ -838,7 +839,7 @@ int audit_alloc(struct task_struct *tsk) struct audit_context *context; enum audit_state state; - if (likely(!audit_enabled)) + if (likely(!audit_ever_enabled)) return 0; /* Return if not auditing. */ state = audit_filter_task(tsk); |