• Paul Moore's avatar
    audit: force seccomp event logging to honor the audit_enabled flag · 96368701
    Paul Moore authored
    Previously we were emitting seccomp audit records regardless of the
    audit_enabled setting, a deparature from the rest of audit.  This
    patch makes seccomp auditing consistent with the rest of the audit
    record generation code in that when audit_enabled=0 nothing is logged
    by the audit subsystem.
    
    The bulk of this patch is moving the CONFIG_AUDIT block ahead of the
    CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real
    code change was in the audit_seccomp() definition.
    Signed-off-by: default avatarTony Jones <tonyj@suse.de>
    Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
    96368701
audit.h 16.8 KB