[AUDIT] create context if auditing was ever enabled Disabling audit at runtime by auditctl doesn't mean that we can stop allocating contexts for new processes; we don't want to miss them when that sucker is reenabled. (based on work from Al Viro in the RHEL kernel series) Signed-off-by: Eric Paris <eparis@redhat.com>

commit: b593d384efcff7bdf6beb1bc1bc69927977aee26 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Tue Jan 08 17:38:31 2008 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> Fri Feb 01 14:24:45 2008 -0500
tree: 9055ef0decc84dcbf0da67135535f0746e602e8e
parent: 50397bd1e471391d27f64efad9271459c913de87 [diff] [blame]
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6e03322..1c06ecf 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c

@@ -70,6 +70,7 @@
 #include "audit.h"
 
 extern struct list_head audit_filter_list[];
+extern int audit_ever_enabled;
 
 /* AUDIT_NAMES is the number of slots we reserve in the audit_context
  * for saving names from getname(). */
@@ -838,7 +839,7 @@
 	struct audit_context *context;
 	enum audit_state     state;
 
-	if (likely(!audit_enabled))
+	if (likely(!audit_ever_enabled))
 		return 0; /* Return if not auditing. */
 
 	state = audit_filter_task(tsk);
commit	b593d384efcff7bdf6beb1bc1bc69927977aee26	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Tue Jan 08 17:38:31 2008 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	Fri Feb 01 14:24:45 2008 -0500
tree	9055ef0decc84dcbf0da67135535f0746e602e8e
parent	50397bd1e471391d27f64efad9271459c913de87 [diff] [blame]