Every time I run Chrome from dev channel, which uses seccomp, logs are
flooded with below repetitive entries -
2093.889522] audit_printk_skb: 42 callbacks suppressed
[ 2093.889527] type=1701 audit(1347114113.889:62): auid=4294967295
uid=1000 gid=1000 ses=4294967295 pid=5329 comm="chrome" reason="seccomp"
sig=0 syscall=2 compat=0 ip=0x7f1a63b45d90 code=0x50000
Reduce the seemingly needless repetitive logging by honoring audit_enabled
and checking if the signal is worth auditing.
Signed-off-by: Parag Warudkar <parag.l...@gmail.com>
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4b96415..6c3012a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2715,6 +2715,9 @@ void __audit_seccomp(unsigned long syscall, long signr,
int code)
{
struct audit_buffer *ab;
+ if (!audit_enabled || !signr || signr == SIGQUIT)
+ return;
+
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
audit_log_abend(ab, "seccomp", signr);
audit_log_format(ab, " syscall=%ld", syscall);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
