Unfortunately it turns out that we are not properly enabling audit
early enough in the boot process to tag PID 1 (init/systemd/etc.)
with the special audit magic necessary to cause PID 1 events to
be audited. This patch set fixes this problem (look at patch 1/5,
that should be the only fix that is strictly necessary) and makes
a few other improvements to make the early enable/initialization
code a bit more robust.
---
Paul Moore (5):
  audit: ensure that 'audit=1' actually enables audit for PID 1
  audit: initialize the audit subsystem as early as possible
  audit: don't use simple_strtol() anymore
  audit: convert audit_ever_enabled to a boolean
  audit: use audit_set_enabled() in audit_enable()

 kernel/audit.c | 21 +++++++++++++--------
 kernel/audit.h |  2 +-
 2 files changed, 14 insertions(+), 9 deletions(-)