On 11/06/2015 01:36 PM, Tony Jones wrote:
> On 10/13/2015 12:19 PM, Paul Moore wrote:
>
>> Yes, if systemd is involved it enables audit; we've had some
>> discussions with the systemd folks about fixing that, but they haven't
>> gone very far. I'm still a little curious as to why
>> audit_dummy_context() is false in this case, but I haven't looked at
>> how systemd/auditctl start/config the system too closely.
>
> Sorry for the delay here.
>
> A context is allocated by audit_alloc() because there is no uid/gid filter
> for the task but the dummy flag is left false. Because audit has been
> disabled (manually following systemd enabling), dummy never gets set in the
> syscall entry path (based on !audit_n_rules). So the
> unlikely(!audit_dummy_context()) in audit_seccomp succeeds.
>
> Tony

Any comments on this? Current interaction between enabled_enabled and dummy flag seems wrong to me. I can code up a patch.

Tony
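
The flag interaction described in this thread, as an added userspace model (not kernel code and not from either poster). The `model_*` functions and the `task_filter_matches` parameter are hypothetical simplifications; only `audit_enabled`, `audit_n_rules`, the `dummy` flag and the quoted `audit_seccomp` condition come from the messages.

```c
/* Userspace model of the flag interaction described in this thread.
 * Not kernel code: model_* names are hypothetical simplifications. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct model_ctx { bool dummy; };   /* stands in for the task's audit context */
static bool audit_enabled;          /* global audit on/off switch */
static int audit_n_rules;           /* number of loaded rules */

/* Task setup: no task filter -> context allocated, dummy left false.
 * Assumed: a matching task filter would skip allocation. */
static struct model_ctx *model_audit_alloc(bool task_filter_matches)
{
    return task_filter_matches ? NULL : calloc(1, sizeof(struct model_ctx));
}

/* Syscall entry: dummy is refreshed only while audit is enabled. */
static void model_syscall_entry(struct model_ctx *ctx)
{
    if (!ctx || !audit_enabled)
        return;                     /* disabled: dummy keeps its old value */
    ctx->dummy = !audit_n_rules;
}

/* The check quoted from audit_seccomp: signr || !audit_dummy_context(). */
static bool model_seccomp_would_log(const struct model_ctx *ctx, long signr)
{
    bool dummy = !ctx || ctx->dummy;
    return signr != 0 || !dummy;
}

/* systemd enables audit, no rules loaded, then audit is disabled by hand. */
static bool model_scenario(bool syscall_seen_while_enabled)
{
    audit_enabled = true; audit_n_rules = 0;
    struct model_ctx *ctx = model_audit_alloc(false);
    if (syscall_seen_while_enabled)
        model_syscall_entry(ctx);   /* dummy = true because there are no rules */
    audit_enabled = false;
    model_syscall_entry(ctx);       /* early return, dummy untouched */
    bool logged = model_seccomp_would_log(ctx, 0);
    free(ctx);
    return logged;
}

int main(void)
{
    printf("stale dummy: log=%d, refreshed dummy: log=%d\n",
           model_scenario(false), model_scenario(true));
}
```

In the model, a context that never passes through syscall entry while audit is enabled keeps `dummy == false`, so the seccomp check fires with audit off and no signal delivered.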