[PATCH ghak59 V1 2/2] audit: watch: simplify audit_enabled check
Richard Guy Briggs
rgb at redhat.com
Fri Jul 13 15:39:19 UTC 2018
On 2018-06-28 11:47, Paul Moore wrote:
> On Thu, Jun 14, 2018 at 4:22 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> >
> > Check the audit_enabled flag and bail immediately. This does not change
> > the functionality, but brings the code format in line with similar
> > checks in audit_tree_log_remove_rule(), audit_mark_log_rule_change(),
> > and elsewhere in the audit code.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/50
> > Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> > ---
> > kernel/audit_watch.c | 29 +++++++++++++++--------------
> > 1 file changed, 15 insertions(+), 14 deletions(-)
>
> Merged, thanks.
>
> As a FYI for future patches, please don't use "audit: X: <one-liner>"
> as a subject line unless you are crossing subsystem boundaries. As an
> example, the following is okay:
>
> audit: selinux: make things more awesomer
>
> ... while this isn't something I like seeing:
>
> audit: watch: simplify audit_enabled check
>
> ... because the "watch" in this case refers to the audit watch code
> which is part of the audit subsystem already.
Ok, so that watch keyword should have been used such as:
"audit: simplify watch audit_enabled check"
I had seen and used it as a sub-sub-system tag rather than an additional
sub-system tag.
Thanks.
> > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > index f1ba889..9b4836b 100644
> > --- a/kernel/audit_watch.c
> > +++ b/kernel/audit_watch.c
> > @@ -238,20 +238,21 @@ static struct audit_watch *audit_dupe_watch(struct audit_watch *old)
> >
> > static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watch *w, char *op)
> > {
> > - if (audit_enabled) {
> > - struct audit_buffer *ab;
> > - ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
> > - if (unlikely(!ab))
> > - return;
> > - audit_log_format(ab, "auid=%u ses=%u op=%s",
> > - from_kuid(&init_user_ns, audit_get_loginuid(current)),
> > - audit_get_sessionid(current), op);
> > - audit_log_format(ab, " path=");
> > - audit_log_untrustedstring(ab, w->path);
> > - audit_log_key(ab, r->filterkey);
> > - audit_log_format(ab, " list=%d res=1", r->listnr);
> > - audit_log_end(ab);
> > - }
> > + struct audit_buffer *ab;
> > +
> > + if (!audit_enabled)
> > + return;
> > + ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
> > + if (!ab)
> > + return;
> > + audit_log_format(ab, "auid=%u ses=%u op=%s",
> > + from_kuid(&init_user_ns, audit_get_loginuid(current)),
> > + audit_get_sessionid(current), op);
> > + audit_log_format(ab, " path=");
> > + audit_log_untrustedstring(ab, w->path);
> > + audit_log_key(ab, r->filterkey);
> > + audit_log_format(ab, " list=%d res=1", r->listnr);
> > + audit_log_end(ab);
> > }
> >
> > /* Update inode info in audit rules based on filesystem event. */
> > --
> > 1.8.3.1
> >
>
>
> --
> paul moore
> www.paul-moore.com
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list