Re: [PATCH] audit: don't generate loginuid log when audit disabled
On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
---
kernel/auditsc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 065c7a1..92d0e92 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
uid_t uid, ologinuid, nloginuid;
+ if (audit_enabled == AUDIT_OFF)
+ return;
+
uid = from_kuid(&init_user_ns, task_uid(current));
ologinuid = from_kuid(&init_user_ns, koldloginuid);
nloginuid = from_kuid(&init_user_ns, kloginuid),
Are you wanting to avoid the audit event or prevent the use of
loginuid/sessionid when audit is disabled? What if we shutdown auditd (which
could disable auditing), someone logs in, and we restart auditd? Wouldn't
their context not have the correct credentials? What about non audit users of
this information?
-Steve