diff options
author | Greg Edwards <gedwards@ddn.com> | 2018-03-05 23:05:20 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-06 19:50:07 +0100 |
commit | 11dd2666375e191757dd4271d5020820c6d0e4a5 (patch) | |
tree | c1f4f29419c7e4f7a1258bd2dd3815667d548837 /kernel/audit.c | |
parent | audit: track the owner of the command mutex ourselves (diff) | |
download | linux-11dd2666375e191757dd4271d5020820c6d0e4a5.tar.xz linux-11dd2666375e191757dd4271d5020820c6d0e4a5.zip |
audit: do not panic on invalid boot parameter
If you pass in an invalid audit boot parameter value, e.g. "audit=off",
the kernel panics very early in boot before the regular console is
initialized. Unless you have earlyprintk enabled, there is no
indication of what the problem is on the console.
Convert the panic() calls to pr_err(), and leave auditing enabled if an
invalid parameter value was passed in.
Modify the parameter to also accept "on" or "off" as valid values, and
update the documentation accordingly.
Signed-off-by: Greg Edwards <gedwards@ddn.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to '')
-rw-r--r-- | kernel/audit.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 1a3e75d9a66c..69ef8de69f03 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1615,19 +1615,26 @@ static int __init audit_init(void) } postcore_initcall(audit_init); -/* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ +/* + * Process kernel command-line parameter at boot time. + * audit={0|off} or audit={1|on}. + */ static int __init audit_enable(char *str) { - long val; - - if (kstrtol(str, 0, &val)) - panic("audit: invalid 'audit' parameter value (%s)\n", str); - audit_default = (val ? AUDIT_ON : AUDIT_OFF); + if (!strcasecmp(str, "off") || !strcmp(str, "0")) + audit_default = AUDIT_OFF; + else if (!strcasecmp(str, "on") || !strcmp(str, "1")) + audit_default = AUDIT_ON; + else { + pr_err("audit: invalid 'audit' parameter value (%s)\n", str); + audit_default = AUDIT_ON; + } if (audit_default == AUDIT_OFF) audit_initialized = AUDIT_DISABLED; if (audit_set_enabled(audit_default)) - panic("audit: error setting audit state (%d)\n", audit_default); + pr_err("audit: error setting audit state (%d)\n", + audit_default); pr_info("%s\n", audit_default ? "enabled (after initialization)" : "disabled (until reboot)"); |