Respect the audit_enabled flag when printing tree rule config change records.
See: https://github.com/linux-audit/audit-kernel/issues/50 Signed-off-by: Richard Guy Briggs <[email protected]> --- kernel/audit_tree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 67e6956..5e9d1e5 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -497,6 +497,8 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule) { struct audit_buffer *ab; + if (!audit_enabled) + return; ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (unlikely(!ab)) return; -- 1.8.3.1 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
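Review bot: The new `if (!audit_enabled) return;` at the top of audit_tree_log_remove_rule() makes the function drop the AUDIT_CONFIG_CHANGE record silently, and nothing in the hunk says why. The commit message only points at the issue link. Suggest a one-line comment above the check. Also suggest a sentence in the commit message stating that tree rule removals performed while auditing is disabled will leave no record, so anyone reading the log later knows the gap is by design. The diffstat shows this is the only function touched (1 file, 2 insertions), so please confirm that no other path in kernel/audit_tree.c emitting a config change record needs the same guard.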
