I'm trying to find a way to quickly determine if auditing is enabled and it looks like the only real way to do that is to declare audit_enabled as an extern and check the variable directly. Is there some interface for this that I am missing?

On Tuesday 14 November 2006 12:48, Paul Moore wrote: >I'm trying to find a way to quickly determine if auditing is enabled and it >looks like the only real way to do that is to declare audit_enabled as an >extern and check the variable directly. Is there some interface for this >that I am missing? A good example of how to do this is in audit.h: static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) { if (unlikely(!audit_dummy_context())) return __audit_ipc_obj(ipcp); return 0; } __audit_ipc_obj is the real function that does the actual work. The audit_dummy_context() function uses current, so it may not be suitable to use on events that come from netlink. In that case, we'd need a new function that takes a task struct.

From what I can tell audit_dummy_context() is really only useful in detecting if