On Thu, Sep 6, 2012 at 9:45 AM, Dave Jones <da...@redhat.com> wrote: > On Thu, Sep 06, 2012 at 09:32:49AM -0700, Kees Cook wrote: > > > I just realised, the funny thing about this is that the machine running > that test > > > had selinux/audit disabled. And yet here we are, screwing around with > audit buffers. > > > > The intent was to have this message show up in dmesg even if auditd > > wasn't running, and even if the specific process wasn't being > > explicitly audited. > > > > > Should there be a test on audit_enable=0 in audit_log_link_denied() ? > > > > > > I'm now curious how much more of the audit code is getting run through > similar lack of tests > > > > What is the condition in which audit_log_start fails? > > in the case of that oops, given I had booted with audit=0, I suspect it was > hitting the first check... > > 1157 if (audit_initialized != AUDIT_INITIALIZED) > 1158 return NULL;
Ah-ha, okay. Yeah, I'm fine with the fix you had. If _start fails, just return. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
