Commit 8d07a67cface19ac07d7324f38bda7bbb06bbdb2
Committed by
Al Viro
Al Viro
1 parent
b29ee87e9b
Exists in
master
and in
4 other branches
[PATCH] drop EOE records from printk
Hi, While we are looking at the printk issue, I see that its printk'ing the EOE (end of event) records which is really not something that we need in syslog. Its really intended for the realtime audit event stream handled by the audit daemon. So, lets avoid printk'ing that record type. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 1 changed file with 8 additions and 6 deletions Side-by-side Diff
kernel/audit.c
| ... | ... | @@ -1353,17 +1353,19 @@ |
| 1353 | 1353 | if (!audit_rate_check()) { |
| 1354 | 1354 | audit_log_lost("rate limit exceeded"); |
| 1355 | 1355 | } else { |
| 1356 | + struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); | |
| 1356 | 1357 | if (audit_pid) { |
| 1357 | - struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); | |
| 1358 | 1358 | nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0); |
| 1359 | 1359 | skb_queue_tail(&audit_skb_queue, ab->skb); |
| 1360 | 1360 | ab->skb = NULL; |
| 1361 | 1361 | wake_up_interruptible(&kauditd_wait); |
| 1362 | - } else if (printk_ratelimit()) { | |
| 1363 | - struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); | |
| 1364 | - printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, ab->skb->data + NLMSG_SPACE(0)); | |
| 1365 | - } else { | |
| 1366 | - audit_log_lost("printk limit exceeded\n"); | |
| 1362 | + } else if (nlh->nlmsg_type != AUDIT_EOE) { | |
| 1363 | + if (printk_ratelimit()) { | |
| 1364 | + printk(KERN_NOTICE "type=%d %s\n", | |
| 1365 | + nlh->nlmsg_type, | |
| 1366 | + ab->skb->data + NLMSG_SPACE(0)); | |
| 1367 | + } else | |
| 1368 | + audit_log_lost("printk limit exceeded\n"); | |
| 1367 | 1369 | } |
| 1368 | 1370 | } |
| 1369 | 1371 | audit_buffer_free(ab); |