From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tony Jones <tonyj@suse.de>
Subject: Re: [RFC PATCH] audit: force seccomp event logging to honor the
 audit_enabled flag
Date: Mon, 23 Nov 2015 14:20:52 -0800
Message-ID: <56539144.6000008@suse.de>
References: <20151123222006.15340.18040.stgit@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <20151123222006.15340.18040.stgit@localhost>
Sender: owner-linux-security-module@vger.kernel.org
To: Paul Moore <pmoore@redhat.com>, linux-audit@redhat.com
Cc: linux-security-module@vger.kernel.org
List-Id: linux-audit@redhat.com

On 11/23/2015 02:20 PM, Paul Moore wrote:
> Previously we were emitting seccomp audit records regardless of the
> audit_enabled setting, a deparature from the rest of audit.  This
> patch makes seccomp auditing consistent with the rest of the audit
> record generation code in that when audit_enabled=0 nothing is logged
> by the audit subsystem.
> 
> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the
> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real
> code change was in the audit_seccomp() definition.
> 
> Reported-by: Tony Jones <tonyj@suse.de>
> Signed-off-by: Paul Moore <pmoore@redhat.com>

Seems pretty much the same (functionally) as the patch I posted to audit 
list on 10/12/2015 except that didn't hoist the entire block.

Signed-off-by: Tony Jones <tonyj@suse.de>