[PATCH] UBUNTU: SAUCE: seccomp: log actions even when audit is disabled

Tyler Hicks tyhicks at canonical.com
Wed Sep 21 18:04:35 UTC 2016


Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
auditing behavior of seccomp so that actions are only logged when the
audit subsystem is enabled. A default install of Ubuntu does not include
the audit userspace and simply enabling the audit subsystem, without
filtering some audit events, would result in more audit records hitting
the system log than usual.

This patch undoes the functional change in upstream commit
96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
behavior of logging seccomp actions even when audit is not enabled.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
 include/linux/audit.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 9d4443f..1737be6 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -315,9 +315,6 @@ void audit_core_dumps(long signr);
 static inline void audit_seccomp(unsigned long syscall, long signr, int code)
-	if (!audit_enabled)
-		return;
 	/* Force a record to be reported if a signal was delivered. */
 	if (signr || unlikely(!audit_dummy_context()))
 		__audit_seccomp(syscall, signr, code);
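Review bot: the removal of the `if (!audit_enabled)` check at the top of `audit_seccomp()` leaves no trace in the code that this is a deliberate divergence from upstream commit 96368701e1c89057bbf39222e965161c68a85b4b, so a later rebase or stable merge can silently bring the check back. Extend the existing comment above `if (signr || unlikely(!audit_dummy_context()))` to say that the function intentionally does not test `audit_enabled`, and why. Also note that the remaining condition only forces a record when `signr` is non-zero or the context is not a dummy, so the commit message should spell out which seccomp actions are expected to be logged with audit disabled; the subject line's "log actions" reads broader than what this condition guarantees.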
