[PATCH] audit: don't generate loginuid log when audit disabled
Gao feng
gaofeng at cn.fujitsu.com
Fri Nov 1 00:55:03 UTC 2013
On 10/31/2013 10:50 PM, Steve Grubb wrote:
> On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
>> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
>> ---
>> kernel/auditsc.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
>> index 065c7a1..92d0e92 100644
>> --- a/kernel/auditsc.c
>> +++ b/kernel/auditsc.c
>> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
>> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
>> uid_t uid, ologinuid, nloginuid;
>>
>> + if (audit_enabled == AUDIT_OFF)
>> + return;
>> +
>> uid = from_kuid(&init_user_ns, task_uid(current));
>> ologinuid = from_kuid(&init_user_ns, koldloginuid);
>> nloginuid = from_kuid(&init_user_ns, kloginuid),
>
> Are you wanting to avoid the audit event or prevent the use of
> loginuid/sessionid when audit is disabled? What if we shutdown auditd (which
> could disable auditing), someone logs in, and we restart auditd? Wouldn't
> their context not have the correct credentials? What about non audit users of
> this information?
>
audit_log_set_loginuid is just used to log the setting loginuid message.
this patch will prevent this message being generated when audit is disabled,
we can still set/use loginuid.
Anything I missed?
Thanks
Gao
More information about the Linux-audit
mailing list