Commit a3f07114e3359fb98683069ae397220e8992a24a
Committed by
Al Viro
1 parent
218d11a8b0
Exists in
master
and in
4 other branches
[PATCH] Audit: make audit=0 actually turn off audit
Currently audit=0 on the kernel command line does absolutely nothing. Audit always loads and always uses its resources such as creating the kernel netlink socket. This patch causes audit=0 to actually disable audit. Audit will use no resources and starting the userspace auditd daemon will not cause the kernel audit system to activate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 1 changed file with 21 additions and 7 deletions Side-by-side Diff
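--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,8 +61,11 @@
 
 #include "audit.h"
 
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
 * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED -1
+#define AUDIT_UNINITIALIZED 0
+#define AUDIT_INITIALIZED 1
 static int audit_initialized;
 
 #define AUDIT_OFF 0
@@ -965,6 +968,9 @@
 {
 int i;
 
+ if (audit_initialized == AUDIT_DISABLED)
+ return 0;
+
 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 audit_default ? "enabled" : "disabled");
 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@
 
 skb_queue_head_init(&audit_skb_queue);
 skb_queue_head_init(&audit_skb_hold_queue);
- audit_initialized = 1;
+ audit_initialized = AUDIT_INITIALIZED;
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
 
@@ -999,13 +1005,21 @@
 static int __init audit_enable(char *str)
 {
 audit_default = !!simple_strtol(str, NULL, 0);
- printk(KERN_INFO "audit: %s%s\n",
- audit_default ? "enabled" : "disabled",
- audit_initialized ? "" : " (after initialization)");
- if (audit_initialized) {
+ if (!audit_default)
+ audit_initialized = AUDIT_DISABLED;
+
+ printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+ if (audit_initialized == AUDIT_INITIALIZED) {
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
+ } else if (audit_initialized == AUDIT_UNINITIALIZED) {
+ printk(" (after initialization)");
+ } else {
+ printk(" (until reboot)");
 }
+ printk("\n");
+
 return 1;
 }
 
@@ -1146,7 +1160,7 @@
 int reserve;
 unsigned long timeout_start = jiffies;
 
- if (!audit_initialized)
+ if (audit_initialized != AUDIT_INITIALIZED)
 return NULL;
 
 if (unlikely(audit_filter_type(type)))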
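Review bot: In audit_enable (hunk `@@ -999,13 +1005,21 @@`), `audit_default = !!simple_strtol(str, NULL, 0);` turns any value that does not parse as a number into 0, and the new `if (!audit_default) audit_initialized = AUDIT_DISABLED;` makes that a shutdown of audit until reboot, so a mistyped `audit=` value now silently removes the audit trail where it used to be harmless. Passing an end pointer and disabling only when digits were actually consumed would close that gap: `char *end;`, `audit_default = !!simple_strtol(str, &end, 0);`, `if (end != str && !audit_default)`. Separately, the early `return 0` added in hunk `@@ -965,6 +968,9 @@` also skips the `skb_queue_head_init()` calls and whatever follows them in that function, whose signature and tail are outside the hunk. It would be worth confirming that no other path reaches those structures without first checking `audit_initialized`, and stating in the comment above the new `#define`s that `AUDIT_DISABLED` leaves them uninitialised.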