[PATCH] audit: don't generate loginuid log when audit disabled
Steve Grubb
sgrubb at redhat.com
Fri Nov 1 01:15:45 UTC 2013
On Friday, November 01, 2013 08:55:03 AM Gao feng wrote:
> On 10/31/2013 10:50 PM, Steve Grubb wrote:
> > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> >> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> >> ---
> >>
> >> kernel/auditsc.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> >> index 065c7a1..92d0e92 100644
> >> --- a/kernel/auditsc.c
> >> +++ b/kernel/auditsc.c
> >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> >> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
> >>
> >> uid_t uid, ologinuid, nloginuid;
> >>
> >> + if (audit_enabled == AUDIT_OFF)
> >> + return;
> >> +
> >>
> >> uid = from_kuid(&init_user_ns, task_uid(current));
> >> ologinuid = from_kuid(&init_user_ns, koldloginuid);
> >> nloginuid = from_kuid(&init_user_ns, kloginuid),
> >
> > Are you wanting to avoid the audit event or prevent the use of
> > loginuid/sessionid when audit is disabled? What if we shutdown auditd
> > (which could disable auditing), someone logs in, and we restart auditd?
> > Wouldn't their context not have the correct credentials? What about non
> > audit users of this information?
>
> audit_log_set_loginuid is just used to log the setting loginuid message.
> this patch will prevent this message being generated when audit is disabled,
> we can still set/use loginuid.
OK, good. The version of that function I looked at sets the value (3.11
kernel). So, I wanted to make sure we are still able to set the value.
-Steve
More information about the Linux-audit
mailing list