On 2018-02-22 17:22, Greg Edwards wrote:
> One of our CI tests was booting upstream kernels with the "audit=off" kernel
> parameter.  This was our error; it should have been "audit=0".  However,
> in 4.15 the verification of the boot parameter got more strict in 80ab4df62706
> ("audit: don't use simple_strtol() anymore"), and our errant boot parameter
> value starting panic'ing the system.
> The problem is this happens so early in boot, the console isn't initialized 
> yet
> and you don't see the panic message.  You have no idea what the problem is
> unless you add an "earlyprintk" boot option, e.g.
> earlyprintk=serial,ttyS0,115200n8.
> Fix this by having the boot parameter setup function just save the boot
> parameter value, and process it later from a call in audit_init().  The 
> console
> is initialized by this point, and you can see any panic messages without 
> having
> to use an earlyprintk option.

This part all looks good.

> Additionally, add "on" and "off" as valid audit boot parameter values.

This part is a step in the right direction, but I've got minor concerns
about variations on "0" and "1" that will no longer work, since any
non-zero integer worked previously and will no longer do so.

I would have still used the integer conversion but checked explicitly
for "on" and "off" prior to testing for an integer.

> Greg Edwards (2):
>   audit: move processing of "audit" boot param to audit_init()
>   audit: add "on"/"off" as valid boot parameter values
>  Documentation/admin-guide/kernel-parameters.txt | 14 +++----
>  kernel/audit.c                                  | 49 
> ++++++++++++++++---------
>  2 files changed, 39 insertions(+), 24 deletions(-)


Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Linux-audit mailing list

Reply via email to