[PATCH] UBUNTU: SAUCE: seccomp: log actions even when audit is disabled
Tim Gardner
tim.gardner at canonical.com
Wed Sep 21 19:17:38 UTC 2016
On 09/21/2016 12:04 PM, Tyler Hicks wrote:
> https://launchpad.net/bugs/1626194
>
> Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
> auditing behavior of seccomp so that actions are only logged when the
> audit subsystem is enabled. A default install of Ubuntu does not include
> the audit userspace and simply enabling the audit subsystem, without
> filtering some audit events, would result in more audit records hitting
> the system log than usual.
>
> This patch undoes the functional change in upstream commit
> 96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
> behavior of logging seccomp actions even when audit is not enabled.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> include/linux/audit.h | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 9d4443f..1737be6 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -315,9 +315,6 @@ void audit_core_dumps(long signr);
>
> static inline void audit_seccomp(unsigned long syscall, long signr, int code)
> {
> - if (!audit_enabled)
> - return;
> -
> /* Force a record to be reported if a signal was delivered. */
> if (signr || unlikely(!audit_dummy_context()))
> __audit_seccomp(syscall, signr, code);
>
Tyler - this appears to have already been applied to Yakkety master-next.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list