audit: ensure that 'audit=1' actually enables audit for PID 1
[ Upstream commit 173743dd99
]
Prior to this patch we enabled audit in audit_init(), which is too
late for PID 1 as the standard initcalls are run after the PID 1 task
is forked. This means that we never allocate an audit_context (see
audit_alloc()) for PID 1 and therefore miss a lot of audit events
generated by PID 1.
This patch enables audit as early as possible to help ensure that when
PID 1 is forked it can allocate an audit_context if required.
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Родитель
4086f7cf0c
Коммит
0ad0bb6016
|
@ -85,13 +85,13 @@ static int audit_initialized;
|
|||
#define AUDIT_OFF 0
|
||||
#define AUDIT_ON 1
|
||||
#define AUDIT_LOCKED 2
|
||||
u32 audit_enabled;
|
||||
u32 audit_ever_enabled;
|
||||
u32 audit_enabled = AUDIT_OFF;
|
||||
u32 audit_ever_enabled = !!AUDIT_OFF;
|
||||
|
||||
EXPORT_SYMBOL_GPL(audit_enabled);
|
||||
|
||||
/* Default state when kernel boots without any parameters. */
|
||||
static u32 audit_default;
|
||||
static u32 audit_default = AUDIT_OFF;
|
||||
|
||||
/* If auditing cannot proceed, audit_failure selects what happens. */
|
||||
static u32 audit_failure = AUDIT_FAIL_PRINTK;
|
||||
|
@ -1552,8 +1552,6 @@ static int __init audit_init(void)
|
|||
register_pernet_subsys(&audit_net_ops);
|
||||
|
||||
audit_initialized = AUDIT_INITIALIZED;
|
||||
audit_enabled = audit_default;
|
||||
audit_ever_enabled |= !!audit_default;
|
||||
|
||||
kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
|
||||
if (IS_ERR(kauditd_task)) {
|
||||
|
@ -1575,6 +1573,8 @@ static int __init audit_enable(char *str)
|
|||
audit_default = !!simple_strtol(str, NULL, 0);
|
||||
if (!audit_default)
|
||||
audit_initialized = AUDIT_DISABLED;
|
||||
audit_enabled = audit_default;
|
||||
audit_ever_enabled = !!audit_enabled;
|
||||
|
||||
pr_info("%s\n", audit_default ?
|
||||
"enabled (after initialization)" : "disabled (until reboot)");
|
||||
|
|
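Review bot: In the audit_enable() hunk the new `audit_enabled = audit_default;` makes the parsed value take effect at once, yet `audit_default` still comes from `simple_strtol(str, NULL, 0)` with no end-pointer or error check. A value that does not parse as a number (for example a constructed `audit=on`) therefore evaluates to 0, sets AUDIT_DISABLED and leaves auditing off until reboot, with only the ordinary info line to show for it. Consider parsing with `kstrtol(str, 0, &val)` and emitting a `pr_warn` on failure instead of treating a parse failure as a request to disable. The `pr_info` text "enabled (after initialization)" also deserves rewording, because the flag is now set at parameter-parse time rather than in audit_init(). Both audit_enable() and audit_init() begin and end outside the hunks shown, so the rest of their bodies is not reviewed here.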