From: Steve Grubb
Subject: Re: [PATCH] audit: don't generate loginuid log when audit disabled
Date: Thu, 31 Oct 2013 21:15:45 -0400
Message-ID: <125753871.qT5lM8C8XL@x2>
References: <1383209542-23923-1-git-send-email-gaofeng@cn.fujitsu.com> <4508216.dezx0a89pY@x2> <5272FBE7.6090708@cn.fujitsu.com>
In-Reply-To: <5272FBE7.6090708@cn.fujitsu.com>
To: Gao feng
Cc: rgb@redhat.com, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Friday, November 01, 2013 08:55:03 AM Gao feng wrote:
> On 10/31/2013 10:50 PM, Steve Grubb wrote:
> > On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> >> Signed-off-by: Gao feng
> >> ---
> >>
> >> kernel/auditsc.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> >> index 065c7a1..92d0e92 100644
> >> --- a/kernel/auditsc.c
> >> +++ b/kernel/auditsc.c
> >> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
> >> koldloginuid, kuid_t kloginuid,
> >> struct audit_buffer *ab;
> >>
> >> uid_t uid, ologinuid, nloginuid;
> >>
> >> + if (audit_enabled == AUDIT_OFF)
> >> + return;
> >> +
> >>
> >> uid = from_kuid(&init_user_ns, task_uid(current));
> >> ologinuid = from_kuid(&init_user_ns, koldloginuid);
> >> nloginuid = from_kuid(&init_user_ns, kloginuid),
> >
> > Are you wanting to avoid the audit event or prevent the use of
> > loginuid/sessionid when audit is disabled? What if we shutdown auditd
> > (which could disable auditing), someone logs in, and we restart auditd?
> > Wouldn't their context not have the correct credentials? What about non
> > audit users of this information?
>
> audit_log_set_loginuid is just used to log the setting loginuid message.
> this patch will prevent this message being generated when audit is disabled,
> we can still set/use loginuid.

OK, good. The version of that function I looked at sets the value (3.11 kernel). So, I wanted to make sure we are still able to set the value.

-Steve
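Review bot: the patch carries only a subject line and a Signed-off-by, with no description body, and the question raised in the thread (does the early return stop loginuid from being set, or only stop the log record) is exactly what that body should answer; add a sentence stating that the check sits in audit_log_set_loginuid and therefore suppresses only the log message when audit_enabled == AUDIT_OFF, while the loginuid value is still set and usable. Separately, the unchanged context line `nloginuid = from_kuid(&init_user_ns, kloginuid),` ends in a comma rather than a semicolon; it is pre-existing and outside this change, but it is worth a separate cleanup patch so the statement boundary is explicit.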