Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit db23d459 authored by Paul Moore's avatar Paul Moore Committed by Greg Kroah-Hartman
Browse files

audit: ensure that 'audit=1' actually enables audit for PID 1 




[ Upstream commit 173743dd99a49c956b124a74c8aacb0384739a4c ]

Prior to this patch we enabled audit in audit_init(), which is too
late for PID 1 as the standard initcalls are run after the PID 1 task
is forked.  This means that we never allocate an audit_context (see
audit_alloc()) for PID 1 and therefore miss a lot of audit events
generated by PID 1.

This patch enables audit as early as possible to help ensure that when
PID 1 is forked it can allocate an audit_context if required.

Reviewed-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent bf24f222

kernel/audit.c

+5 −5
Original line number Diff line number Diff line
@@ -79,13 +79,13 @@ static int audit_initialized; 
#define AUDIT_OFF	0

#define AUDIT_ON	1

#define AUDIT_LOCKED	2

u32		audit_enabled;

u32		audit_ever_enabled;

u32		audit_enabled = AUDIT_OFF;

u32		audit_ever_enabled = !!AUDIT_OFF;



EXPORT_SYMBOL_GPL(audit_enabled);



/* Default state when kernel boots without any parameters. */

static u32	audit_default;

static u32	audit_default = AUDIT_OFF;



/* If auditing cannot proceed, audit_failure selects what happens. */

static u32	audit_failure = AUDIT_FAIL_PRINTK;
@@ -1173,8 +1173,6 @@ static int __init audit_init(void) 
	skb_queue_head_init(&audit_skb_queue);

	skb_queue_head_init(&audit_skb_hold_queue);

	audit_initialized = AUDIT_INITIALIZED;

	audit_enabled = audit_default;

	audit_ever_enabled |= !!audit_default;



	audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
@@ -1191,6 +1189,8 @@ static int __init audit_enable(char *str) 
	audit_default = !!simple_strtol(str, NULL, 0);

	if (!audit_default)

		audit_initialized = AUDIT_DISABLED;

	audit_enabled = audit_default;

	audit_ever_enabled = !!audit_enabled;



	pr_info("%s\n", audit_default ?

		"enabled (after initialization)" : "disabled (until reboot)");