On 11/23/2015 02:20 PM, Paul Moore wrote:
> Previously we were emitting seccomp audit records regardless of the
> audit_enabled setting, a departure from the rest of audit. This
> patch makes seccomp auditing consistent with the rest of the audit
> record generation code in that when audit_enabled=0 nothing is logged
> by the audit subsystem.
>
> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the
> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real
> code change was in the audit_seccomp() definition.
>
> Reported-by: Tony Jones <[email protected]>
> Signed-off-by: Paul Moore <[email protected]>

Seems pretty much the same (functionally) as the patch I posted to audit list
on 10/12/2015 except that didn't hoist the entire block.

Signed-off-by: Tony Jones <[email protected]>

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
