[PATCH] Audit: make audit=0 actually turn off audit

Currently audit=0 on the kernel command line does absolutely nothing. Audit always loads and always uses its resources such as creating the kernel netlink socket. This patch causes audit=0 to actually disable audit. Audit will use no resources and starting the userspace auditd daemon will not cause the kernel audit system to activate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

[PATCH] Audit: make audit=0 actually turn off audit
Currently audit=0 on the kernel command line does absolutely nothing. Audit always loads and always uses its resources such as creating the kernel netlink socket. This patch causes audit=0 to actually disable audit. Audit will use no resources and starting the userspace auditd daemon will not cause the kernel audit system to activate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Eric Paris · Al Viro
1 parent 218d11a8b0
Showing 1 changed file with 21 additions and 7 deletions Side-by-side Diff
kernel/audit.c
@@ -61,8 +61,11 @@
  
 #include "audit.h"
  
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
  * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED		-1
+#define AUDIT_UNINITIALIZED	0
+#define AUDIT_INITIALIZED	1
 static int	audit_initialized;
  
 #define AUDIT_OFF	0
@@ -965,6 +968,9 @@
 {
 	int i;
  
+	if (audit_initialized == AUDIT_DISABLED)
+		return 0;
+
 	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 	       audit_default ? "enabled" : "disabled");
 	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@
  
 	skb_queue_head_init(&audit_skb_queue);
 	skb_queue_head_init(&audit_skb_hold_queue);
-	audit_initialized = 1;
+	audit_initialized = AUDIT_INITIALIZED;
 	audit_enabled = audit_default;
 	audit_ever_enabled |= !!audit_default;
  
  
  
@@ -999,13 +1005,21 @@
 static int __init audit_enable(char *str)
 {
 	audit_default = !!simple_strtol(str, NULL, 0);
-	printk(KERN_INFO "audit: %s%s\n",
-	       audit_default ? "enabled" : "disabled",
-	       audit_initialized ? "" : " (after initialization)");
-	if (audit_initialized) {
+	if (!audit_default)
+		audit_initialized = AUDIT_DISABLED;
+
+	printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+	if (audit_initialized == AUDIT_INITIALIZED) {
 		audit_enabled = audit_default;
 		audit_ever_enabled |= !!audit_default;
+	} else if (audit_initialized == AUDIT_UNINITIALIZED) {
+		printk(" (after initialization)");
+	} else {
+		printk(" (until reboot)");
 	}
+	printk("\n");
+
 	return 1;
 }
  
@@ -1146,7 +1160,7 @@
 	int reserve;
 	unsigned long timeout_start = jiffies;
  
-	if (!audit_initialized)
+	if (audit_initialized != AUDIT_INITIALIZED)
 		return NULL;
  
 	if (unlikely(audit_filter_type(type)))
...	...	@@ -61,8 +61,11 @@
61	61
62	62	#include "audit.h"
63	63
64		-/* No auditing will take place until audit_initialized != 0.
	64	+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
65	65	* (Initialization happens after skb_init is called.) */
	66	+#define AUDIT_DISABLED -1
	67	+#define AUDIT_UNINITIALIZED 0
	68	+#define AUDIT_INITIALIZED 1
66	69	static int audit_initialized;
67	70
68	71	#define AUDIT_OFF 0
...	...	@@ -965,6 +968,9 @@
965	968	{
966	969	int i;
967	970
	971	+ if (audit_initialized == AUDIT_DISABLED)
	972	+ return 0;
	973	+
968	974	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
969	975	audit_default ? "enabled" : "disabled");
970	976	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
...	...	@@ -976,7 +982,7 @@
976	982
977	983	skb_queue_head_init(&audit_skb_queue);
978	984	skb_queue_head_init(&audit_skb_hold_queue);
979		- audit_initialized = 1;
	985	+ audit_initialized = AUDIT_INITIALIZED;
980	986	audit_enabled = audit_default;
981	987	audit_ever_enabled \|= !!audit_default;
982	988
983	989
984	990
...	...	@@ -999,13 +1005,21 @@
999	1005	static int __init audit_enable(char *str)
1000	1006	{
1001	1007	audit_default = !!simple_strtol(str, NULL, 0);
1002		- printk(KERN_INFO "audit: %s%s\n",
1003		- audit_default ? "enabled" : "disabled",
1004		- audit_initialized ? "" : " (after initialization)");
1005		- if (audit_initialized) {
	1008	+ if (!audit_default)
	1009	+ audit_initialized = AUDIT_DISABLED;
	1010	+
	1011	+ printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
	1012	+
	1013	+ if (audit_initialized == AUDIT_INITIALIZED) {
1006	1014	audit_enabled = audit_default;
1007	1015	audit_ever_enabled \|= !!audit_default;
	1016	+ } else if (audit_initialized == AUDIT_UNINITIALIZED) {
	1017	+ printk(" (after initialization)");
	1018	+ } else {
	1019	+ printk(" (until reboot)");
1008	1020	}
	1021	+ printk("\n");
	1022	+
1009	1023	return 1;
1010	1024	}
1011	1025
...	...	@@ -1146,7 +1160,7 @@
1146	1160	int reserve;
1147	1161	unsigned long timeout_start = jiffies;
1148	1162
1149		- if (!audit_initialized)
	1163	+ if (audit_initialized != AUDIT_INITIALIZED)
1150	1164	return NULL;
1151	1165
1152	1166	if (unlikely(audit_filter_type(type)))