[PATCH] audit: don't generate loginuid log when audit disabled

Steve Grubb sgrubb at redhat.com
Thu Oct 31 14:50:09 UTC 2013


On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
>  kernel/auditsc.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 065c7a1..92d0e92 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
>  	uid_t uid, ologinuid, nloginuid;
> 
> +	if (audit_enabled == AUDIT_OFF)
> +		return;
> +
>  	uid = from_kuid(&init_user_ns, task_uid(current));
>  	ologinuid = from_kuid(&init_user_ns, koldloginuid);
>  	nloginuid = from_kuid(&init_user_ns, kloginuid),
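Review bot: The early return added at the top of audit_log_set_loginuid() comes with an empty changelog (the message carries only a Signed-off-by), so nothing states whether the intent is to skip just the login record or to change how loginuid/sessionid are treated while auditing is off. Please add a changelog paragraph and a one-line comment above `if (audit_enabled == AUDIT_OFF)` saying that only the record is suppressed, if that is the intent. Placing the check before the from_kuid() conversions is fine, since it avoids that work when nothing will be logged.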

Are you wanting to avoid the audit event or prevent the use of
loginuid/sessionid when audit is disabled? What if we shut down auditd (which
could disable auditing), someone logs in, and we restart auditd? Wouldn't
their context not have the correct credentials? What about non-audit users of
this information?

-Steve



