[PATCH] UBUNTU: SAUCE: seccomp: log actions even when audit is disabled
Tyler Hicks
tyhicks at canonical.com
Wed Sep 21 18:08:49 UTC 2016
On 09/21/2016 01:04 PM, Tyler Hicks wrote:
> https://launchpad.net/bugs/1626194
>
> Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
> auditing behavior of seccomp so that actions are only logged when the
> audit subsystem is enabled. A default install of Ubuntu does not include
> the audit userspace and simply enabling the audit subsystem, without
> filtering some audit events, would result in more audit records hitting
> the system log than usual.
>
> This patch undoes the functional change in upstream commit
> 96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
> behavior of logging seccomp actions even when audit is not enabled.
This is intended for the Yakkety 4.8 kernel only. Sorry for the missing
[Yakkety] tag in the subject.
Tyler
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> include/linux/audit.h | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 9d4443f..1737be6 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -315,9 +315,6 @@ void audit_core_dumps(long signr);
>
> static inline void audit_seccomp(unsigned long syscall, long signr, int code)
> {
> - if (!audit_enabled)
> - return;
> -
> /* Force a record to be reported if a signal was delivered. */
> if (signr || unlikely(!audit_dummy_context()))
> __audit_seccomp(syscall, signr, code);
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20160921/203b6bb3/attachment.sig>
More information about the kernel-team
mailing list