[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit.71 kernel



On Monday 27 June 2005 09:35, David Woodhouse wrote:
> The kernel prints KERN_NOTICE messages during initialisation unless you
> pass 'quiet' on the command line.

I was thinking about something more along these lines:

diff -ur linux-2.6.9.orig/kernel/audit.c linux-2.6.9/kernel/audit.c
--- linux-2.6.9.orig/kernel/audit.c     2005-06-27 09:55:55.000000000 -0400
+++ linux-2.6.9/kernel/audit.c  2005-06-27 09:54:00.000000000 -0400
@@ -928,14 +928,21 @@
        if (!audit_rate_check()) {
                audit_log_lost("rate limit exceeded");
        } else {
+               struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
                if (audit_pid) {
-                       struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
                        nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0);
                        skb_queue_tail(&audit_skb_queue, ab->skb);
                        ab->skb = NULL;
                        wake_up_interruptible(&kauditd_wait);
                } else {
-                       printk(KERN_NOTICE "%s\n", ab->skb->data + NLMSG_SPACE(0));
+                       if ((nlh->nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+                               nlh->nlmsg_type <= AUDIT_LAST_USER_MSG &&
+                               nlh->nlmsg_type != AUDIT_USER_AVC) ||
+                               nlh->nlmsg_type == AUDIT_LOGIN ||
+                               nlh->nlmsg_type == AUDIT_USER)
+                               printk(KERN_NOTICE "%s\n", ab->skb->data + NLMSG_SPACE(0));
+                       else
+                               printk(KERN_ERR "%s\n", ab->skb->data + NLMSG_SPACE(0));
                }
        }
        audit_buffer_free(ab);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]