diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2020-03-10 09:20:17 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-03-12 10:42:51 -0400 |
commit | 1320a4052ea11eb2879eb7361da15a106a780972 (patch) | |
tree | 335e3791ba5bc188ffad02e0328f22616ff2ef03 /kernel/auditsc.c | |
parent | 70b3eeed49e8190d97139806f6fbaf8964306cdb (diff) |
audit: trigger accompanying records when no rules present
When there are no audit rules registered, mandatory records (config,
etc.) are missing their accompanying records (syscall, proctitle, etc.).
This is due to audit context dummy set on syscall entry based on absence
of rules that signals that no other records are to be printed.
Clear the dummy bit if any record is generated.
The proctitle context and dummy checks are pointless since the
proctitle record will not be printed if no syscall records are printed.
Please see upstream github issue
https://github.com/linux-audit/audit-kernel/issues/120
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4effe01ebbe2..814406a35db1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1406,9 +1406,6 @@ static void audit_log_proctitle(void) struct audit_context *context = audit_context(); struct audit_buffer *ab; - if (!context || context->dummy) - return; - ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); if (!ab) return; /* audit_panic or being filtered */ |