Re: audit looks unmaintained? [was: Re: [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid]

On 09/13, Steve Grubb wrote: > > On Sunday, September 08, 2013 05:54:35 PM Oleg Nesterov wrote: > > > > Then why audit_alloc() doesn't set TIF_SYSCALL_AUDIT unconditionally? > > The code I'm looking at does right at the end of the function. The code I'm looking at does right at the end too ;) but

[PATCH v2 1/1] audit_alloc: clear TIF_SYSCALL_AUDIT if !audit_context

If audit_filter_task() nacks the new thread it makes sense to clear TIF_SYSCALL_AUDIT which can be copied from parent by dup_task_struct(). A wrong TIF_SYSCALL_AUDIT is not really bad but it triggers the "slow" audit paths in entry.S to ensure the task can not miss audit_syscall_*() calls, this is

[PATCH v2 1/1] audit_alloc: clear TIF_SYSCALL_AUDIT if !audit_context

Hello, v2: - update the changelog - add the ack from Steve Oleg. -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: audit looks unmaintained? [was: Re: [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid]

On 09/13, Steve Grubb wrote: > > On Tuesday, September 10, 2013 07:20:33 PM Oleg Nesterov wrote: > > > > So, Steve, do you still think that patch was wrong? Attached below > > just in case. > > I think this looks OK. If the task filter NACK's auditing the process, then > clearing the flag is probab