If audit is disabled,we shouldn't generate the audit log. Acked-by: Eric Paris <epa...@redhat.com> Signed-off-by: Gao feng <gaof...@cn.fujitsu.com> --- kernel/audit.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c index f16f835..c307786 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -663,6 +663,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature { struct audit_buffer *ab; + if (audit_enabled == AUDIT_OFF) + return; + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d", audit_feature_names[which], !!old_feature, !!new_feature, -- 1.8.3.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit