[PATCH ghak59 V1 2/2] audit: watch: simplify audit_enabled check
Paul Moore
paul at paul-moore.com
Thu Jun 28 15:47:47 UTC 2018
On Thu, Jun 14, 2018 at 4:22 PM Richard Guy Briggs <rgb at redhat.com> wrote:
>
> Check the audit_enabled flag and bail immediately. This does not change
> the functionality, but brings the code format in line with similar
> checks in audit_tree_log_remove_rule(), audit_mark_log_rule_change(),
> and elsewhere in the audit code.
>
> See: https://github.com/linux-audit/audit-kernel/issues/50
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> kernel/audit_watch.c | 29 +++++++++++++++--------------
> 1 file changed, 15 insertions(+), 14 deletions(-)
Merged, thanks.
As a FYI for future patches, please don't use "audit: X: <one-liner>"
as a subject line unless you are crossing subsystem boundaries. As an
example, the following is okay:
audit: selinux: make things more awesomer
... while this isn't something I like seeing:
audit: watch: simplify audit_enabled check
... because the "watch" in this case refers to the audit watch code
which is part of the audit subsystem already.
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index f1ba889..9b4836b 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -238,20 +238,21 @@ static struct audit_watch *audit_dupe_watch(struct audit_watch *old)
>
> static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watch *w, char *op)
> {
> - if (audit_enabled) {
> - struct audit_buffer *ab;
> - ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
> - if (unlikely(!ab))
> - return;
> - audit_log_format(ab, "auid=%u ses=%u op=%s",
> - from_kuid(&init_user_ns, audit_get_loginuid(current)),
> - audit_get_sessionid(current), op);
> - audit_log_format(ab, " path=");
> - audit_log_untrustedstring(ab, w->path);
> - audit_log_key(ab, r->filterkey);
> - audit_log_format(ab, " list=%d res=1", r->listnr);
> - audit_log_end(ab);
> - }
> + struct audit_buffer *ab;
> +
> + if (!audit_enabled)
> + return;
> + ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
> + if (!ab)
> + return;
> + audit_log_format(ab, "auid=%u ses=%u op=%s",
> + from_kuid(&init_user_ns, audit_get_loginuid(current)),
> + audit_get_sessionid(current), op);
> + audit_log_format(ab, " path=");
> + audit_log_untrustedstring(ab, w->path);
> + audit_log_key(ab, r->filterkey);
> + audit_log_format(ab, " list=%d res=1", r->listnr);
> + audit_log_end(ab);
> }
>
> /* Update inode info in audit rules based on filesystem event. */
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list