[AUDIT] create context if auditing was ever enabled

From: Linux Kernel Mailing List
Date: Friday, February 1, 2008 - 3:59 pm

Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b593d3...
Commit:     b593d384efcff7bdf6beb1bc1bc69927977aee26
Parent:     50397bd1e471391d27f64efad9271459c913de87
Author:     Eric Paris <eparis@redhat.com>
AuthorDate: Tue Jan 8 17:38:31 2008 -0500
Committer:  Al Viro <viro@zeniv.linux.org.uk>
CommitDate: Fri Feb 1 14:24:45 2008 -0500

    [AUDIT] create context if auditing was ever enabled
    
    Disabling audit at runtime by auditctl doesn't mean that we can
    stop allocating contexts for new processes; we don't want to miss them
    when that sucker is reenabled.
    
    (based on work from Al Viro in the RHEL kernel series)
    
    Signed-off-by: Eric Paris <eparis@redhat.com>
---
 kernel/audit.c   |   16 +++++++++++++---
 kernel/auditsc.c |    3 ++-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 549b2f5..1242021 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -70,6 +70,7 @@ static int	audit_initialized;
 #define AUDIT_ON	1
 #define AUDIT_LOCKED	2
 int		audit_enabled;
+int		audit_ever_enabled;
 
 /* Default state when kernel boots without any parameters. */
 static int	audit_default;
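Review bot: `audit_ever_enabled` is added at the top of kernel/audit.c without a comment, while the neighbouring `audit_default` has a one-line description. The name alone does not say that this is a one-way flag (every write in this patch uses `|=`). Suggest a comment above the declaration stating that it is set the first time auditing is turned on and is never cleared, so a later reader does not "fix" it by resetting it when audit is disabled.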
@@ -310,11 +311,17 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
 
 static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
 {
+	int rc;
 	if (state < AUDIT_OFF || state > AUDIT_LOCKED)
 		return -EINVAL;
 
-	return audit_do_config_change("audit_enabled", &audit_enabled, state,
-				      loginuid, sid);
+	rc =  audit_do_config_change("audit_enabled", &audit_enabled, state,
+				     loginuid, sid);
+
+	if (!rc)
+		audit_ever_enabled |= !!state;
+
+	return rc;
 }
 
 static int audit_set_failure(int state, uid_t loginuid, u32 sid)
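Review bot: style in `audit_set_enabled`: `rc =  audit_do_config_change(` has a double space after `=`, and `int rc;` runs straight into the `if` without a blank line between the declaration and the first statement. The logic itself reads correctly: `state` has already been range-checked, so `!!state` is 1 for both AUDIT_ON and AUDIT_LOCKED, and the flag is only touched when `audit_do_config_change()` returned 0.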
@@ -857,6 +864,7 @@ static int __init audit_init(void)
 	skb_queue_head_init(&audit_skb_queue);
 	audit_initialized = 1;
 	audit_enabled = audit_default;
+	audit_ever_enabled |= !!audit_default;
 
 	/* Register the callback with selinux.  This callback will be invoked
 	 * when a new policy is loaded. */
@@ -884,8 +892,10 @@ static int __init audit_enable(char *str)
 	printk(KERN_INFO "audit: %s%s\n",
 	       audit_default ? "enabled" : "disabled",
 	       audit_initialized ? "" : " (after initialization)");
-	if (audit_initialized)
+	if (audit_initialized) {
 		audit_enabled = audit_default;
+		audit_ever_enabled |= !!audit_default;
+	}
 	return 1;
 }
 
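Review bot: the pair `audit_enabled = audit_default;` and `audit_ever_enabled |= !!audit_default;` in `audit_enable` is now written out a second time; the same two lines appear in the `audit_init` hunk above. A small static helper that sets both would keep the two variables from drifting apart if another boot-time path assigns `audit_enabled` later.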
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6e03322..1c06ecf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -70,6 +70,7 @@
 #include "audit.h"
 
 extern struct list_head audit_filter_list[];
+extern int audit_ever_enabled;
 
 /* AUDIT_NAMES is the number of slots we reserve in the audit_context
  * for saving names from getname(). */
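Review bot: `extern int audit_ever_enabled;` in kernel/auditsc.c is a bare declaration in a .c file, so nothing checks it against the definition added in kernel/audit.c. Suggest moving the declaration into "audit.h", which this file already includes just above, so that a later change of type or linkage in one place is caught at compile time in every file that includes the header.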
@@ -838,7 +839,7 @@ int audit_alloc(struct task_struct *tsk)
 	struct audit_context *context;
 	enum audit_state     state;
 
-	if (likely(!audit_enabled))
+	if (likely(!audit_ever_enabled))
 		return 0; /* Return if not auditing. */
 
 	state = audit_filter_task(tsk);
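Review bot: the comment on the early return in `audit_alloc`, `/* Return if not auditing. */`, no longer matches the condition. After this change the function returns early only when auditing has never been enabled, and it goes on to `audit_filter_task()` even while `audit_enabled` is 0. Suggest rewording the comment accordingly. It would also help to state, here or in the commit message, that tasks created before the flag is first set still take this early return.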