Re: [PATCH 1/2] audit: move processing of "audit" boot param to audit_init()

On Tue, Feb 27, 2018 at 5:52 PM, Greg Edwards <gedwards(a)ddn.com&gt; wrote: > So, if you want to keep the panic behavior on bad audit parameters, your > delayed processing should do the trick. If it instead, you are fine > with just pr_err and leaving audit enabled for that error case, then we > are almost back to my original patch, with the exceptions you previously > noted: > > * leave audit enabled on parsing error > * change panic on audit_set_enabled() failure to pr_err > * handle on/off as well If we get rid of the need to panic(), which I think we are all okay with, I think we can resolve everything with something like this, yes? diff --git a/kernel/audit.c b/kernel/audit.c index 1a3e75d9a66c..d41d09e84163 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1618,16 +1618,20 @@ postcore_initcall(audit_init); /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ static int __init audit_enable(char *str) { - long val; - - if (kstrtol(str, 0, &val)) - panic("audit: invalid 'audit' parameter value (%s)\n", str); - audit_default = (val ? AUDIT_ON : AUDIT_OFF); + if (!strcasecmp(str, "off") || !strcmp(str, "0")) + audit_default = AUDIT_OFF; + else if (!strcasecmp(str, "on") || !strcmp(str, "1")) + audit_default = AUDIT_ON; + else { + pr_err("audit: invalid 'audit' parameter value (%s)\n", str); + audit_default = AUDIT_ON; + } if (audit_default == AUDIT_OFF) audit_initialized = AUDIT_DISABLED; if (audit_set_enabled(audit_default)) - panic("audit: error setting audit state (%d)\n", audit_default); + pr_err("audit: error setting audit state (%d)\n", + audit_default); pr_info("%s\n", audit_default ? "enabled (after initialization)" : "disabled (until reboot)");