Re: [PATCH] Don't audit SECCOMP_KILL/RET_ERRNO when syscall auditing is disabled

From: Andi Kleen
Date: Sat Apr 09 2016 - 22:42:00 EST

Next message: Darren Hart: "Re: [PATCH] platform:x86 decouple telemetry driver from the optional IPC resources"
Previous message: Darren Hart: "Re: [PATCH] intel_menlow: set cdev after null device check to avoid null pointer dereference"
In reply to: Paul Moore: "Re: [PATCH] Don't audit SECCOMP_KILL/RET_ERRNO when syscall auditing is disabled"
Next in thread: Paul Moore: "Re: [PATCH] Don't audit SECCOMP_KILL/RET_ERRNO when syscall auditing is disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> What kernel version are you using? I believe we fixed that in Linux
> 4.5 with the following:

This is 4.6-rc2.
>
> commit 96368701e1c89057bbf39222e965161c68a85b4b
> From: Paul Moore <pmoore@xxxxxxxxxx>
> Date: Wed, 13 Jan 2016 10:18:55 -0400 (09:18 -0500)
>
> audit: force seccomp event logging to honor the audit_enabled flag

No you didn't fix it because audit_enabled is always enabled by systemd
for user space auditing, see the original description of my patch.

-Andi

Next message: Darren Hart: "Re: [PATCH] platform:x86 decouple telemetry driver from the optional IPC resources"
Previous message: Darren Hart: "Re: [PATCH] intel_menlow: set cdev after null device check to avoid null pointer dereference"
In reply to: Paul Moore: "Re: [PATCH] Don't audit SECCOMP_KILL/RET_ERRNO when syscall auditing is disabled"
Next in thread: Paul Moore: "Re: [PATCH] Don't audit SECCOMP_KILL/RET_ERRNO when syscall auditing is disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]