[PATCH] UBUNTU: SAUCE: seccomp: log actions even when audit is disabled

Tyler Hicks tyhicks at canonical.com
Wed Sep 21 18:08:49 UTC 2016


On 09/21/2016 01:04 PM, Tyler Hicks wrote:
> https://launchpad.net/bugs/1626194
> 
> Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
> auditing behavior of seccomp so that actions are only logged when the
> audit subsystem is enabled. A default install of Ubuntu does not include
> the audit userspace and simply enabling the audit subsystem, without
> filtering some audit events, would result in more audit records hitting
> the system log than usual.
> 
> This patch undoes the functional change in upstream commit
> 96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
> behavior of logging seccomp actions even when audit is not enabled.

This is intended for the Yakkety 4.8 kernel only. Sorry for the missing
[Yakkety] tag in the subject.

Tyler

> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  include/linux/audit.h | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 9d4443f..1737be6 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -315,9 +315,6 @@ void audit_core_dumps(long signr);
>  
>  static inline void audit_seccomp(unsigned long syscall, long signr, int code)
>  {
> -	if (!audit_enabled)
> -		return;
> -
>  	/* Force a record to be reported if a signal was delivered. */
>  	if (signr || unlikely(!audit_dummy_context()))
>  		__audit_seccomp(syscall, signr, code);
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20160921/203b6bb3/attachment.sig>


More information about the kernel-team mailing list