On Mon, Nov 23, 2015 at 5:20 PM, Tony Jones <[email protected]> wrote: > On 11/23/2015 02:20 PM, Paul Moore wrote: >> Previously we were emitting seccomp audit records regardless of the >> audit_enabled setting, a deparature from the rest of audit. This >> patch makes seccomp auditing consistent with the rest of the audit >> record generation code in that when audit_enabled=0 nothing is logged >> by the audit subsystem. >> >> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the >> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real >> code change was in the audit_seccomp() definition. >> >> Reported-by: Tony Jones <[email protected]> >> Signed-off-by: Paul Moore <[email protected]> > > Seems pretty much the same (functionally) as the patch I posted to audit > list on 10/12/2015 except that didn't hoist the entire block.
Yep, I prefered to move the block as I think it should have been that way anyway from the start. IMHO we got to many audit Kconfig knobs as-is and splitting that block for just the audit_enabled flag made things worse. > Signed-off-by: Tony Jones <[email protected]> -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
