]> git.hungrycats.org Git - linux/commitdiff
projects / linux / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1b9baf3)
audit: ensure that 'audit=1' actually enables audit for PID 1
authorPaul Moore <paul@paul-moore.com>
Fri, 1 Sep 2017 13:44:34 +0000 (09:44 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 16 Dec 2017 09:33:56 +0000 (10:33 +0100)
[ Upstream commit 173743dd99a49c956b124a74c8aacb0384739a4c ]

Prior to this patch we enabled audit in audit_init(), which is too
late for PID 1 as the standard initcalls are run after the PID 1 task
is forked.  This means that we never allocate an audit_context (see
audit_alloc()) for PID 1 and therefore miss a lot of audit events
generated by PID 1.

This patch enables audit as early as possible to help ensure that when
PID 1 is forked it can allocate an audit_context if required.

Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/audit.c patch | blob | history

diff --git a/kernel/audit.c b/kernel/audit.c
index 5ffcbd354a520b88781ed2d66c7839a7aaa7f86d..41f9a38bb80010f8207ae2129da0ab1670430bf8 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -80,13 +80,13 @@ static int  audit_initialized;
 #define AUDIT_OFF      0
 #define AUDIT_ON       1
 #define AUDIT_LOCKED   2
-u32            audit_enabled;
-u32            audit_ever_enabled;
+u32            audit_enabled = AUDIT_OFF;
+u32            audit_ever_enabled = !!AUDIT_OFF;
 
 EXPORT_SYMBOL_GPL(audit_enabled);
 
 /* Default state when kernel boots without any parameters. */
-static u32     audit_default;
+static u32     audit_default = AUDIT_OFF;
 
 /* If auditing cannot proceed, audit_failure selects what happens. */
 static u32     audit_failure = AUDIT_FAIL_PRINTK;
@@ -1179,8 +1179,6 @@ static int __init audit_init(void)
        skb_queue_head_init(&audit_skb_queue);
        skb_queue_head_init(&audit_skb_hold_queue);
        audit_initialized = AUDIT_INITIALIZED;
-       audit_enabled = audit_default;
-       audit_ever_enabled |= !!audit_default;
 
        audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
 
@@ -1197,6 +1195,8 @@ static int __init audit_enable(char *str)
        audit_default = !!simple_strtol(str, NULL, 0);
        if (!audit_default)
                audit_initialized = AUDIT_DISABLED;
+       audit_enabled = audit_default;
+       audit_ever_enabled = !!audit_enabled;
 
        pr_info("%s\n", audit_default ?
                "enabled (after initialization)" : "disabled (until reboot)");
Linux kernels and configurations used by Zygo.