[PATCH] Audit: make audit=0 actually turn off audit

Currently audit=0 on the kernel command line does absolutely nothing. Audit always loads and always uses its resources such as creating the kernel netlink socket. This patch causes audit=0 to actually disable audit. Audit will use no resources and starting the userspace auditd daemon will not cause the kernel audit system to activate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Eric Paris <eparis@redhat.com> 2008-11-05 12:47:09 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-12-09 02:27:37 -0500
commit: a3f07114e3359fb98683069ae397220e8992a24a (patch)
tree: d5af821616dd749be416ccbbe3f25f6919ea0af9 /kernel/audit.c
parent: 218d11a8b071b23b76c484fd5f72a4fe3306801e (diff)
1 files changed, 21 insertions, 7 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 4414e93d8750..d8646c23b427 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,8 +61,11 @@
 #include "audit.h"
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
 * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED          -1
+#define AUDIT_UNINITIALIZED     0
+#define AUDIT_INITIALIZED       1
 static int      audit_initialized;
 #define AUDIT_OFF       0
@@ -965,6 +968,9 @@ static int __init audit_init(void)
 {
        int i;
+        if (audit_initialized == AUDIT_DISABLED)
+                return 0;
        printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
               audit_default ? "enabled" : "disabled");
        audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@ static int __init audit_init(void)
        skb_queue_head_init(&audit_skb_queue);
        skb_queue_head_init(&audit_skb_hold_queue);
-        audit_initialized = 1;
+        audit_initialized = AUDIT_INITIALIZED;
        audit_enabled = audit_default;
        audit_ever_enabled |= !!audit_default;
@@ -999,13 +1005,21 @@ __initcall(audit_init);
 static int __init audit_enable(char *str)
 {
        audit_default = !!simple_strtol(str, NULL, 0);
-        printk(KERN_INFO "audit: %s%s\n",
+        if (!audit_default)
-               audit_default ? "enabled" : "disabled",
+                audit_initialized = AUDIT_DISABLED;
-               audit_initialized ? "" : " (after initialization)");
-        if (audit_initialized) {
+        printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+        if (audit_initialized == AUDIT_INITIALIZED) {
                audit_enabled = audit_default;
                audit_ever_enabled |= !!audit_default;
+        } else if (audit_initialized == AUDIT_UNINITIALIZED) {
+                printk(" (after initialization)");
+        } else {
+                printk(" (until reboot)");
        }
+        printk("\n");
        return 1;
 }
@@ -1146,7 +1160,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
        int reserve;
        unsigned long timeout_start = jiffies;
-        if (!audit_initialized)
+        if (audit_initialized != AUDIT_INITIALIZED)
                return NULL;
        if (unlikely(audit_filter_type(type)))
author	Eric Paris <eparis@redhat.com>	2008-11-05 12:47:09 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-12-09 02:27:37 -0500
commit	a3f07114e3359fb98683069ae397220e8992a24a (patch)
tree	d5af821616dd749be416ccbbe3f25f6919ea0af9 /kernel/audit.c
parent	218d11a8b071b23b76c484fd5f72a4fe3306801e (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 4414e93d8750..d8646c23b427 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -61,8 +61,11 @@
61		61
62	#include "audit.h"	62	#include "audit.h"
63		63
64	/* No auditing will take place until audit_initialized != 0.	64	/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
65	* (Initialization happens after skb_init is called.) */	65	* (Initialization happens after skb_init is called.) */
		66	#define AUDIT_DISABLED -1
		67	#define AUDIT_UNINITIALIZED 0
		68	#define AUDIT_INITIALIZED 1
66	static int audit_initialized;	69	static int audit_initialized;
67		70
68	#define AUDIT_OFF 0	71	#define AUDIT_OFF 0
@@ -965,6 +968,9 @@ static int __init audit_init(void)
965	{	968	{
966	int i;	969	int i;
967		970
		971	if (audit_initialized == AUDIT_DISABLED)
		972	return 0;
		973
968	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",	974	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
969	audit_default ? "enabled" : "disabled");	975	audit_default ? "enabled" : "disabled");
970	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,	976	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@ static int __init audit_init(void)
976		982
977	skb_queue_head_init(&audit_skb_queue);	983	skb_queue_head_init(&audit_skb_queue);
978	skb_queue_head_init(&audit_skb_hold_queue);	984	skb_queue_head_init(&audit_skb_hold_queue);
979	audit_initialized = 1;	985	audit_initialized = AUDIT_INITIALIZED;
980	audit_enabled = audit_default;	986	audit_enabled = audit_default;
981	audit_ever_enabled \|= !!audit_default;	987	audit_ever_enabled \|= !!audit_default;
982		988
@@ -999,13 +1005,21 @@ __initcall(audit_init);
999	static int __init audit_enable(char *str)	1005	static int __init audit_enable(char *str)
1000	{	1006	{
1001	audit_default = !!simple_strtol(str, NULL, 0);	1007	audit_default = !!simple_strtol(str, NULL, 0);
1002	printk(KERN_INFO "audit: %s%s\n",	1008	if (!audit_default)
1003	audit_default ? "enabled" : "disabled",	1009	audit_initialized = AUDIT_DISABLED;
1004	audit_initialized ? "" : " (after initialization)");	1010
1005	if (audit_initialized) {	1011	printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
		1012
		1013	if (audit_initialized == AUDIT_INITIALIZED) {
1006	audit_enabled = audit_default;	1014	audit_enabled = audit_default;
1007	audit_ever_enabled \|= !!audit_default;	1015	audit_ever_enabled \|= !!audit_default;
		1016	} else if (audit_initialized == AUDIT_UNINITIALIZED) {
		1017	printk(" (after initialization)");
		1018	} else {
		1019	printk(" (until reboot)");
1008	}	1020	}
		1021	printk("\n");
		1022
1009	return 1;	1023	return 1;
1010	}	1024	}
1011		1025
@@ -1146,7 +1160,7 @@ struct audit_buffer audit_log_start(struct audit_context ctx, gfp_t gfp_mask,
1146	int reserve;	1160	int reserve;
1147	unsigned long timeout_start = jiffies;	1161	unsigned long timeout_start = jiffies;
1148		1162
1149	if (!audit_initialized)	1163	if (audit_initialized != AUDIT_INITIALIZED)
1150	return NULL;	1164	return NULL;
1151		1165
1152	if (unlikely(audit_filter_type(type)))	1166	if (unlikely(audit_filter_type(type)))