Re: [RFC PATCH 5/5] audit: use audit_set_enabled() in audit_enable()

Saturday, 2 September 2017

On 2017-09-01 09:45, Paul Moore wrote:
...
 From: Paul Moore <paul(a)paul-moore.com&gt;

 Use audit_set_enabled() to enable auditing during early boot.  This
 obviously won't emit an audit change record, but it will work anyway
 and should help prevent in future problems by consolidating the
 enable/disable code in one function.

 Signed-off-by: Paul Moore <paul(a)paul-moore.com&gt; 
Reviewed-by: Richard Guy Briggs <rgb(a)redhat.com&gt;

...
 ---
  kernel/audit.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/kernel/audit.c b/kernel/audit.c
 index 01bf1e479a8c..842237f5182b 100644
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@ -1574,8 +1574,8 @@ static int __init audit_enable(char *str)

  	if (audit_default == AUDIT_OFF)
  		audit_initialized = AUDIT_DISABLED;
 -	audit_enabled = audit_default;
 -	audit_ever_enabled = !!audit_enabled;
 +	if (audit_set_enabled(audit_default))
 +		panic("audit: error setting audit state (%d)\n", audit_default);

  	pr_info("%s\n", audit_default ?
  		"enabled (after initialization)" : "disabled (until reboot)");

 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 https://www.redhat.com/mailman/listinfo/linux-audit 
- RGB

--
Richard Guy Briggs <rgb(a)redhat.com&gt;
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [RFC PATCH 5/5] audit: use audit_set_enabled() in audit_enable()