On 11/23/2015 02:20 PM, Paul Moore wrote:
> Previously we were emitting seccomp audit records regardless of the
> audit_enabled setting, a departure from the rest of audit. This
> patch makes seccomp auditing consistent with the rest of the audit
> record generation code in that when audit_enabled=0 nothing is logged
> by the audit subsystem.
>
> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the
> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real
> code change was in the audit_seccomp() definition.
>
> Reported-by: Tony Jones <tonyj(a)suse.de>
> Signed-off-by: Paul Moore <pmoore(a)redhat.com>

Seems pretty much the same (functionally) as the patch I posted to audit
list on 10/12/2015 except that didn't hoist the entire block.
Signed-off-by: Tony Jones <tonyj(a)suse.de>