summaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 22:25:50 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 22:25:50 +0100
commitb8989bccd6a0ad49db4795afca56a733e1c19099 (patch)
treeb9f974ea3ee701e75bcd5225497ba0a472322d1c /kernel/audit.c
parentMerge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... (diff)
parentaudit: remove unnecessary curly braces from switch/case statements (diff)
downloadlinux-b8989bccd6a0ad49db4795afca56a733e1c19099.tar.xz
linux-b8989bccd6a0ad49db4795afca56a733e1c19099.zip
Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit
Pull audit updates from Paul Moore: "The audit changes for v4.11 are relatively small compared to what we did for v4.10, both in terms of size and impact. - two patches from Steve tweak the formatting for some of the audit records to make them more consistent with other audit records. - three patches from Richard record the name of a module on module load, fix the logging of sockaddr information when using socketcall() on 32-bit systems, and add the ability to reset audit's lost record counter. - my lone patch just fixes an annoying style nit that I was reminded about by one of Richard's patches. All these patches pass our test suite" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: remove unnecessary curly braces from switch/case statements audit: log module name on init_module audit: log 32-bit socketcalls audit: add feature audit_lost reset audit: Make AUDIT_ANOM_ABEND event normalized audit: Make AUDIT_KERNEL event conform to the specification
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 6e399bb69d7c..e794544f5e63 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -121,7 +121,7 @@ u32 audit_sig_sid = 0;
3) suppressed due to audit_rate_limit
4) suppressed due to audit_backlog_limit
*/
-static atomic_t audit_lost = ATOMIC_INIT(0);
+static atomic_t audit_lost = ATOMIC_INIT(0);
/* The netlink socket. */
static struct sock *audit_sock;
@@ -1058,6 +1058,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if (err < 0)
return err;
}
+ if (s.mask == AUDIT_STATUS_LOST) {
+ u32 lost = atomic_xchg(&audit_lost, 0);
+
+ audit_log_config_change("lost", 0, lost, 1);
+ return lost;
+ }
break;
}
case AUDIT_GET_FEATURE:
@@ -1349,7 +1355,9 @@ static int __init audit_init(void)
panic("audit: failed to start the kauditd thread (%d)\n", err);
}
- audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
+ audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL,
+ "state=initialized audit_enabled=%u res=1",
+ audit_enabled);
return 0;
}