| author | Eric Paris <eparis@redhat.com> | 2008-11-05 12:47:09 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-09 02:27:37 -0500 |
| commit | a3f07114e3359fb98683069ae397220e8992a24a (patch) | |
| tree | d5af821616dd749be416ccbbe3f25f6919ea0af9 | |
| parent | 218d11a8b071b23b76c484fd5f72a4fe3306801e (diff) | |
[PATCH] Audit: make audit=0 actually turn off audit
Currently audit=0 on the kernel command line does absolutely nothing.
Audit always loads and always uses its resources such as creating the
kernel netlink socket. This patch causes audit=0 to actually disable
audit. Audit will use no resources and starting the userspace auditd
daemon will not cause the kernel audit system to activate.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | kernel/audit.c | 28 |
1 files changed, 21 insertions, 7 deletions
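--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,8 +61,11 @@
 
 #include "audit.h"
 
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
  * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED -1
+#define AUDIT_UNINITIALIZED 0
+#define AUDIT_INITIALIZED 1
 static int audit_initialized;
 
 #define AUDIT_OFF 0
@@ -965,6 +968,9 @@ static int __init audit_init(void)
 {
 int i;
 
+if (audit_initialized == AUDIT_DISABLED)
+return 0;
+
 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 audit_default ? "enabled" : "disabled");
 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@ static int __init audit_init(void)
 
 skb_queue_head_init(&audit_skb_queue);
 skb_queue_head_init(&audit_skb_hold_queue);
-audit_initialized = 1;
+audit_initialized = AUDIT_INITIALIZED;
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
 
@@ -999,13 +1005,21 @@ __initcall(audit_init);
 static int __init audit_enable(char *str)
 {
 audit_default = !!simple_strtol(str, NULL, 0);
-printk(KERN_INFO "audit: %s%s\n",
-audit_default ? "enabled" : "disabled",
-audit_initialized ? "" : " (after initialization)");
-if (audit_initialized) {
+if (!audit_default)
+audit_initialized = AUDIT_DISABLED;
+
+printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+if (audit_initialized == AUDIT_INITIALIZED) {
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
+} else if (audit_initialized == AUDIT_UNINITIALIZED) {
+printk(" (after initialization)");
+} else {
+printk(" (until reboot)");
 }
+printk("\n");
+
 return 1;
 }
 
@@ -1146,7 +1160,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 int reserve;
 unsigned long timeout_start = jiffies;
 
-if (!audit_initialized)
+if (audit_initialized != AUDIT_INITIALIZED)
 return NULL;
 
 if (unlikely(audit_filter_type(type)))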
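Review bot: In audit_enable (hunk at -999,13), a later `audit=1` on the same command line cannot undo an earlier `audit=0`: audit_initialized is set to AUDIT_DISABLED but never back to AUDIT_UNINITIALIZED, so audit_init still returns early and the message reads "audit: enabled (until reboot)". Replacing the new two-line assignment with `if (audit_initialized != AUDIT_INITIALIZED)` / `audit_initialized = audit_default ? AUDIT_UNINITIALIZED : AUDIT_DISABLED;` keeps last-value-wins semantics for the parameter while leaving an already-initialized state untouched. Note also that `simple_strtol(str, NULL, 0)` yields 0 for any unparsable value, so with this change a mistyped value such as `audit=on` (constructed example) presumably disables auditing until reboot rather than merely defaulting it off; checking the end pointer before treating the value as 0 would avoid losing the audit trail to a malformed boot parameter. The continuation fragments `printk(" (until reboot)")` and `printk("\n")` carry no log level; marking them `KERN_CONT` documents that they extend the KERN_INFO line rather than start a new one.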
