From: Steve Grubb
Subject: Re: [PATCH] audit: don't generate loginuid log when audit disabled
Date: Thu, 31 Oct 2013 10:50:09 -0400
Message-ID: <4508216.dezx0a89pY@x2>
References: <1383209542-23923-1-git-send-email-gaofeng@cn.fujitsu.com>
In-Reply-To: <1383209542-23923-1-git-send-email-gaofeng@cn.fujitsu.com>
To: linux-audit@redhat.com
Cc: rgb@redhat.com
List-Id: linux-audit@redhat.com

On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
> Signed-off-by: Gao feng > --- > kernel/auditsc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 065c7a1..92d0e92 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t > koldloginuid, kuid_t kloginuid, struct audit_buffer *ab; > uid_t uid, ologinuid, nloginuid; > > + if (audit_enabled == AUDIT_OFF) > + return; > + > uid = from_kuid(&init_user_ns, task_uid(current)); > ologinuid = from_kuid(&init_user_ns, koldloginuid); > nloginuid = from_kuid(&init_user_ns, kloginuid),

Are you wanting to avoid the audit event or prevent the use of loginuid/sessionid when audit is disabled? What if we shut down auditd (which could disable auditing), someone logs in, and we restart auditd? Wouldn't their context not have the correct credentials? What about non-audit users of this information?

-Steve
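Review bot: the early return added at the top of audit_log_set_loginuid() ("if (audit_enabled == AUDIT_OFF) return;") is undocumented, and the patch has no changelog text beyond the Signed-off-by, so the hunk alone does not say whether only the log record is being skipped or whether loginuid/sessionid handling is meant to change while auditing is off. Add a commit message body that states the intent and the case being fixed, and a one-line comment above the check saying that it suppresses only the record emitted by this function. If the caller still assigns the new loginuid and session id regardless of audit_enabled, say so explicitly, since that is what determines whether a task that logs in while auditing is off carries correct values once auditing is turned back on.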