All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: Checking for audit_enabled in the kernel
Date: Tue, 14 Nov 2006 14:01:48 -0500	[thread overview]
Message-ID: <200611141401.48925.sgrubb@redhat.com> (raw)
In-Reply-To: <455A0157.9060100@hp.com>

On Tuesday 14 November 2006 12:48, Paul Moore wrote:
> I'm trying to find a way to quickly determine if auditing is enabled and it
> looks like the only real way to do that is to declare audit_enabled as an
> extern and check the variable directly.  Is there some interface for this
> that I am missing?

A good example of how to do this is in audit.h:

static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
{
         if (unlikely(!audit_dummy_context()))
                return __audit_ipc_obj(ipcp);
         return 0;
}

__audit_ipc_obj is the real function that does the actual work. The 
audit_dummy_context() function uses current, so it may not be suitable to use 
on events that come from netlink. In that case, we'd need a new function that 
takes a task struct.

-Steve

  reply	other threads:[~2006-11-14 19:01 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-14 17:48 Checking for audit_enabled in the kernel Paul Moore
2006-11-14 19:01 ` Steve Grubb [this message]
2006-11-14 19:07   ` Steve Grubb
2006-11-14 20:57   ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200611141401.48925.sgrubb@redhat.com \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.