From: Steve Grubb <sgrubb@redhat.com>
To: Gao feng <gaofeng@cn.fujitsu.com>
Cc: rgb@redhat.com, linux-audit@redhat.com
Subject: Re: [PATCH] audit: don't generate loginuid log when audit disabled
Date: Thu, 31 Oct 2013 21:15:45 -0400 [thread overview]
Message-ID: <125753871.qT5lM8C8XL@x2> (raw)
In-Reply-To: <5272FBE7.6090708@cn.fujitsu.com>
On Friday, November 01, 2013 08:55:03 AM Gao feng wrote:
> On 10/31/2013 10:50 PM, Steve Grubb wrote:
> > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> >> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> >> ---
> >>
> >> kernel/auditsc.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> >> index 065c7a1..92d0e92 100644
> >> --- a/kernel/auditsc.c
> >> +++ b/kernel/auditsc.c
> >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> >> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
> >>
> >> uid_t uid, ologinuid, nloginuid;
> >>
> >> + if (audit_enabled == AUDIT_OFF)
> >> + return;
> >> +
> >>
> >> uid = from_kuid(&init_user_ns, task_uid(current));
> >> ologinuid = from_kuid(&init_user_ns, koldloginuid);
> >> nloginuid = from_kuid(&init_user_ns, kloginuid),
> >
> > Are you wanting to avoid the audit event or prevent the use of
> > loginuid/sessionid when audit is disabled? What if we shutdown auditd
> > (which could disable auditing), someone logs in, and we restart auditd?
> > Wouldn't their context not have the correct credentials? What about non
> > audit users of this information?
>
> audit_log_set_loginuid is just used to log the setting loginuid message.
> this patch will prevent this message being generated when audit is disabled,
> we can still set/use loginuid.
OK, good. The version of that function I looked at sets the value (3.11
kernel). So, I wanted to make sure we are still able to set the value.
-Steve
next prev parent reply other threads:[~2013-11-01 1:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-31 8:52 [PATCH] audit: don't generate loginuid log when audit disabled Gao feng
2013-10-31 14:50 ` Steve Grubb
2013-11-01 0:55 ` Gao feng
2013-11-01 1:15 ` Steve Grubb [this message]
-- strict thread matches above, loose matches on Subject: below --
2014-03-03 22:30 Richard Guy Briggs
2014-03-03 22:49 ` Greg KH
2014-03-03 22:51 ` Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=125753871.qT5lM8C8XL@x2 \
--to=sgrubb@redhat.com \
--cc=gaofeng@cn.fujitsu.com \
--cc=linux-audit@redhat.com \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox