On 10/31/2013 10:50 PM, Steve Grubb wrote:
On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
> ---
> kernel/auditsc.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 065c7a1..92d0e92 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
> uid_t uid, ologinuid, nloginuid;
>
> + if (audit_enabled == AUDIT_OFF)
> + return;
> +
> uid = from_kuid(&init_user_ns, task_uid(current));
> ologinuid = from_kuid(&init_user_ns, koldloginuid);
> nloginuid = from_kuid(&init_user_ns, kloginuid),
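
Review bot: the early return on audit_enabled == AUDIT_OFF at the top of audit_log_set_loginuid() has no comment, and the posting carries no changelog text beyond the Signed-off-by line. As a result the patch does not show whether the intent is only to skip the log record or also to change how loginuid is handled when audit is off. Please add a one-line comment above the check, or a sentence in the commit message, stating that only the record is suppressed.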

Are you wanting to avoid the audit event or prevent the use of
loginuid/sessionid when audit is disabled? What if we shut down auditd (which
could disable auditing), someone logs in, and we restart auditd? Wouldn't
their context not have the correct credentials? What about non-audit users of
this information?

audit_log_set_loginuid is just used to log the setting loginuid message.
This patch will prevent this message from being generated when audit is disabled;
we can still set/use loginuid.

Anything I missed?

Thanks
Gao