On 2018-02-22 17:22, Greg Edwards wrote: > One of our CI tests was booting upstream kernels with the "audit=off" kernel > parameter. This was our error; it should have been "audit=0". However, > in 4.15 the verification of the boot parameter got more strict in 80ab4df62706 > ("audit: don't use simple_strtol() anymore"), and our errant boot parameter > value starting panic'ing the system. > > The problem is this happens so early in boot, the console isn't initialized > yet > and you don't see the panic message. You have no idea what the problem is > unless you add an "earlyprintk" boot option, e.g. > earlyprintk=serial,ttyS0,115200n8. > > Fix this by having the boot parameter setup function just save the boot > parameter value, and process it later from a call in audit_init(). The > console > is initialized by this point, and you can see any panic messages without > having > to use an earlyprintk option.
This part all looks good. > Additionally, add "on" and "off" as valid audit boot parameter values. This part is a step in the right direction, but I've got minor concerns about variations on "0" and "1" that will no longer work, since any non-zero integer worked previously and will no longer do so. I would have still used the integer conversion but checked explicitly for "on" and "off" prior to testing for an integer. > Greg Edwards (2): > audit: move processing of "audit" boot param to audit_init() > audit: add "on"/"off" as valid boot parameter values > > Documentation/admin-guide/kernel-parameters.txt | 14 +++---- > kernel/audit.c | 49 > ++++++++++++++++--------- > 2 files changed, 39 insertions(+), 24 deletions(-) - RGB -- Richard Guy Briggs <r...@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit