audit: simplify audit_enabled check in audit_watch_log_rule_change()
Check the audit_enabled flag and bail immediately. This does not change the functionality, but brings the code format in line with similar checks in audit_tree_log_remove_rule(), audit_mark_log_rule_change(), and elsewhere in the audit code. See: https://github.com/linux-audit/audit-kernel/issues/50 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: tweaked subject line] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
65a8766f5f
commit
4fa7f08699
|
@ -238,20 +238,21 @@ static struct audit_watch *audit_dupe_watch(struct audit_watch *old)
|
|||
|
||||
static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watch *w, char *op)
|
||||
{
|
||||
if (audit_enabled) {
|
||||
struct audit_buffer *ab;
|
||||
ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
|
||||
if (unlikely(!ab))
|
||||
return;
|
||||
audit_log_format(ab, "auid=%u ses=%u op=%s",
|
||||
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
||||
audit_get_sessionid(current), op);
|
||||
audit_log_format(ab, " path=");
|
||||
audit_log_untrustedstring(ab, w->path);
|
||||
audit_log_key(ab, r->filterkey);
|
||||
audit_log_format(ab, " list=%d res=1", r->listnr);
|
||||
audit_log_end(ab);
|
||||
}
|
||||
struct audit_buffer *ab;
|
||||
|
||||
if (!audit_enabled)
|
||||
return;
|
||||
ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
|
||||
if (!ab)
|
||||
return;
|
||||
audit_log_format(ab, "auid=%u ses=%u op=%s",
|
||||
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
||||
audit_get_sessionid(current), op);
|
||||
audit_log_format(ab, " path=");
|
||||
audit_log_untrustedstring(ab, w->path);
|
||||
audit_log_key(ab, r->filterkey);
|
||||
audit_log_format(ab, " list=%d res=1", r->listnr);
|
||||
audit_log_end(ab);
|
||||
}
|
||||
|
||||
/* Update inode info in audit rules based on filesystem event. */
|
||||
|
|
Loading…
Reference in New Issue