Every time I run Chrome from dev channel, which uses seccomp, logs are flooded with below repetitive entries -
2093.889522] audit_printk_skb: 42 callbacks suppressed [ 2093.889527] type=1701 audit(1347114113.889:62): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5329 comm="chrome" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f1a63b45d90 code=0x50000 Reduce the seemingly needless repetitive logging by honoring audit_enabled and checking if the signal is worth auditing. Signed-off-by: Parag Warudkar <[email protected]> diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4b96415..6c3012a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2715,6 +2715,9 @@ void __audit_seccomp(unsigned long syscall, long signr, int code) { struct audit_buffer *ab; + if (!audit_enabled || !signr || signr == SIGQUIT) + return; + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); audit_log_abend(ab, "seccomp", signr); audit_log_format(ab, " syscall=%ld", syscall); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
