audit: don't generate audit feature changed log when audit disabled
authorGao feng <gaofeng@cn.fujitsu.com>
Fri, 1 Nov 2013 11:34:43 +0000 (19:34 +0800)
committerEric Paris <eparis@redhat.com>
Tue, 14 Jan 2014 03:29:06 +0000 (22:29 -0500)
If audit is disabled,we shouldn't generate the audit log.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
kernel/audit.c

index 4b6250cf87fd715e50ac29fd06b9b06b8139cdcc..2360da991721ac77e044f973384603b7695769b2 100644 (file)
@@ -680,6 +680,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 {
        struct audit_buffer *ab;
 
+       if (audit_enabled == AUDIT_OFF)
+               return;
+
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
        audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d",
                         audit_feature_names[which], !!old_feature, !!new_feature,