On Fri, May 10, 2019 at 12:22 PM Richard Guy Briggs <[email protected]> wrote:
>
> When a process signals the audit daemon (shutdown, rotate, resume,
> reconfig) but syscall auditing is not enabled, we still want to know the
> identity of the process sending the signal to the audit daemon.
>
> Move audit_signal_info() out of syscall auditing to general auditing but
> create a new function audit_signal_info_syscall() to take care of the
> syscall dependent parts for when syscall auditing is enabled.
>
> Please see the github kernel audit issue
> https://github.com/linux-audit/audit-kernel/issues/111
>
> Signed-off-by: Richard Guy Briggs <[email protected]>
> ---
> Changelog:
> v2:
> - change patch title to avoid siginfo_t confusion
> - change return value to "0" from AUDIT_OFF
> - use dummy functions instead of macros in header files
>
> Compile/boot/test auditsyscall enable/disable, audit disable,
> auditsyscall enable/selinux disable.
>
>  include/linux/audit.h |  9 +++++++++
>  kernel/audit.c        | 27 +++++++++++++++++++++++++++
>  kernel/audit.h        |  8 ++++++--
>  kernel/auditsc.c      | 19 +++----------------
>  kernel/signal.c       |  2 +-
>  5 files changed, 46 insertions(+), 19 deletions(-)

Merged into audit/next, thanks.

--
paul moore
www.paul-moore.com
