audit: ensure that 'audit=1' actually enables audit for PID 1

[ Upstream commit 173743dd99a49c956b124a74c8aacb0384739a4c ] Prior to this patch we enabled audit in audit_init(), which is too late for PID 1 as the standard initcalls are run after the PID 1 task is forked. This means that we never allocate an audit_context (see audit_alloc()) for PID 1 and therefore miss a lot of audit events generated by PID 1. This patch enables audit as early as possible to help ensure that when PID 1 is forked it can allocate an audit_context if required. Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Paul Moore <paul@paul-moore.com> 2017-09-01 09:44:34 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-12-17 15:08:00 +0100
commit: 0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff (patch)
tree: 4f71d8cd05b6fb9f5e34134944eeeb1e6b367b21
parent: 4086f7cf0c3e2fe275a2a18dc25749df348c0cdb (diff)
download: blackbird-op-linux-0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff.tar.gz
blackbird-op-linux-0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index d779326e53c0..5b34d3114af4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -85,13 +85,13 @@ static int	audit_initialized;
 #define AUDIT_OFF	0
 #define AUDIT_ON	1
 #define AUDIT_LOCKED	2
-u32		audit_enabled;
-u32		audit_ever_enabled;
+u32		audit_enabled = AUDIT_OFF;
+u32		audit_ever_enabled = !!AUDIT_OFF;
 
 EXPORT_SYMBOL_GPL(audit_enabled);
 
 /* Default state when kernel boots without any parameters. */
-static u32	audit_default;
+static u32	audit_default = AUDIT_OFF;
 
 /* If auditing cannot proceed, audit_failure selects what happens. */
 static u32	audit_failure = AUDIT_FAIL_PRINTK;
@@ -1552,8 +1552,6 @@ static int __init audit_init(void)
 	register_pernet_subsys(&audit_net_ops);
 
 	audit_initialized = AUDIT_INITIALIZED;
-	audit_enabled = audit_default;
-	audit_ever_enabled |= !!audit_default;
 
 	kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
 	if (IS_ERR(kauditd_task)) {
@@ -1575,6 +1573,8 @@ static int __init audit_enable(char *str)
 	audit_default = !!simple_strtol(str, NULL, 0);
 	if (!audit_default)
 		audit_initialized = AUDIT_DISABLED;
+	audit_enabled = audit_default;
+	audit_ever_enabled = !!audit_enabled;
 
 	pr_info("%s\n", audit_default ?
 		"enabled (after initialization)" : "disabled (until reboot)");
author	Paul Moore <paul@paul-moore.com>	2017-09-01 09:44:34 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-12-17 15:08:00 +0100
commit	0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff (patch)
tree	4f71d8cd05b6fb9f5e34134944eeeb1e6b367b21
parent	4086f7cf0c3e2fe275a2a18dc25749df348c0cdb (diff)
download	blackbird-op-linux-0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff.tar.gz blackbird-op-linux-0ad0bb60166d8e4fbacaaaaaeb10a24de5e99aff.zip