Audit issue
Eric Paris
eparis at redhat.com
Thu Nov 8 14:35:01 UTC 2007
On Thu, 2007-11-08 at 09:27 -0500, Steve Grubb wrote:
> On Thursday 08 November 2007 09:19:26 Alexander Viro wrote:
> > Have fun...
>
> Thanks for posting this patch. Is it impossible to "repair " processes by
> simply adding a context if the pointer is NULL?
>
>
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index f93c271..83227f8 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -70,6 +70,7 @@ static int audit_initialized;
> > * 1 - auditing enabled
> > * 2 - auditing enabled and configuration is locked/unchangeable. */
> > int audit_enabled;
> > +int audit_ever_enabled;
> >
> > /* Default state when kernel boots without any parameters. */
> > static int audit_default;
> > @@ -965,6 +968,7 @@ static int __init audit_init(void)
> > skb_queue_head_init(&audit_skb_queue);
> > audit_initialized = 1;
> > audit_enabled = audit_default;
> > + audit_ever_enabled |= !!audit_default;
>
> Should the declaration of audit_ever_enabled set a default value like 0 since
> this is being or'ed in? Or should this just be an assignment?
No, global defined variables like this are initialized to 0 in the
kernel. So this already does what you are thinking.
-Eric
More information about the Linux-audit
mailing list