From mboxrd@z Thu Jan  1 00:00:00 1970
From: Gao feng <gaofeng@cn.fujitsu.com>
Subject: Re: [PATCH] audit: don't generate loginuid log when audit disabled
Date: Fri, 01 Nov 2013 08:55:03 +0800
Message-ID: <5272FBE7.6090708@cn.fujitsu.com>
References: <1383209542-23923-1-git-send-email-gaofeng@cn.fujitsu.com>
	<4508216.dezx0a89pY@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <4508216.dezx0a89pY@x2>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: rgb@redhat.com, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 10/31/2013 10:50 PM, Steve Grubb wrote:
> On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote:
>> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>> ---
>>  kernel/auditsc.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
>> index 065c7a1..92d0e92 100644
>> --- a/kernel/auditsc.c
>> +++ b/kernel/auditsc.c
>> @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t
>> koldloginuid, kuid_t kloginuid, struct audit_buffer *ab;
>>  	uid_t uid, ologinuid, nloginuid;
>>
>> +	if (audit_enabled == AUDIT_OFF)
>> +		return;
>> +
>>  	uid = from_kuid(&init_user_ns, task_uid(current));
>>  	ologinuid = from_kuid(&init_user_ns, koldloginuid);
>>  	nloginuid = from_kuid(&init_user_ns, kloginuid),
> 
> Are you wanting to avoid the audit event or prevent the use of 
> loginuid/sessionid when audit is disabled? What if we shutdown auditd (which 
> could disable auditing), someone logs in, and we restart auditd? Wouldn't 
> their context not have the correct credentials? What about non audit users of 
> this information?
> 

audit_log_set_loginuid is just used to log the setting loginuid message.
this patch will prevent this message being generated when audit is disabled,
we can still set/use loginuid.

Anything I missed?

Thanks
Gao