On Monday, November 23, 2015 05:35:58 PM Paul Moore wrote: > On Mon, Nov 23, 2015 at 5:20 PM, Tony Jones <to...@suse.de> wrote: > > On 11/23/2015 02:20 PM, Paul Moore wrote: > >> Previously we were emitting seccomp audit records regardless of the > >> audit_enabled setting, a deparature from the rest of audit. This > >> patch makes seccomp auditing consistent with the rest of the audit > >> record generation code in that when audit_enabled=0 nothing is logged > >> by the audit subsystem. > >> > >> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the > >> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real > >> code change was in the audit_seccomp() definition. > >> > >> Reported-by: Tony Jones <to...@suse.de> > >> Signed-off-by: Paul Moore <pmo...@redhat.com> > > > > Seems pretty much the same (functionally) as the patch I posted to audit > > list on 10/12/2015 except that didn't hoist the entire block. > > Yep, I prefered to move the block as I think it should have been that > way anyway from the start. IMHO we got to many audit Kconfig knobs > as-is and splitting that block for just the audit_enabled flag made > things worse. > > > Signed-off-by: Tony Jones <to...@suse.de>
I just merged this patch into audit#next, the only change is I replaced the "Reported-by" for Tony with his sign-off. -- paul moore security @ redhat -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html