Re: [PATCH] audit: don't generate loginuid log when audit disabled

On 10/31/2013 10:50 PM, Steve Grubb wrote: > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote: >> Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com&gt; >> --- >> >> kernel/auditsc.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index 065c7a1..92d0e92 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t >> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab; >> >> uid_t uid, ologinuid, nloginuid; >> >> + if (audit_enabled == AUDIT_OFF) >> + return; >> + >> >> uid = from_kuid(&init_user_ns, task_uid(current)); >> ologinuid = from_kuid(&init_user_ns, koldloginuid); >> nloginuid = from_kuid(&init_user_ns, kloginuid), > > Are you wanting to avoid the audit event or prevent the use of > loginuid/sessionid when audit is disabled? What if we shutdown auditd > (which could disable auditing), someone logs in, and we restart auditd? > Wouldn't their context not have the correct credentials? What about non > audit users of this information? audit_log_set_loginuid is just used to log the setting loginuid message. this patch will prevent this message being generated when audit is disabled, we can still set/use loginuid.