[RFC PATCH 0/5] Fix some early boot audit problems
Paul Moore
paul at paul-moore.com
Wed Sep 20 18:55:16 UTC 2017
On Fri, Sep 1, 2017 at 9:44 AM, Paul Moore <paul at paul-moore.com> wrote:
> Unfortunately it turns out that we are not properly enabling audit
> early enough in the boot process to tag PID 1 (init/systemd/etc.)
> with the special audit magic necessary to cause PID 1 events to
> be audited. This patch set fixes this problem (look at patch 1/5,
> that should be the only fix that is strictly necessary) and makes
> a few other improvements to make the early enable/initialization
> code a bit more robust.
>
> ---
>
> Paul Moore (5):
> audit: ensure that 'audit=1' actually enables audit for PID 1
> audit: initialize the audit subsystem as early as possible
> audit: don't use simple_strtol() anymore
> audit: convert audit_ever_enabled to a boolean
> audit: use audit_set_enabled() in audit_enable()
>
>
> kernel/audit.c | 21 +++++++++++++--------
> kernel/audit.h | 2 +-
> 2 files changed, 14 insertions(+), 9 deletions(-)
FYI, I just merged all five patches into audit/next.
--
paul moore
www.paul-moore.com