From 65a8766f5f50a5cd342f3d8f77a30917648ddb67 Mon Sep 17 00:00:00 2001
From: Richard Guy Briggs
Date: Thu, 14 Jun 2018 16:20:05 -0400
Subject: [PATCH] audit: check audit_enabled in audit_tree_log_remove_rule()
Respect the audit_enabled flag when printing tree rule config change records.
See: https://github.com/linux-audit/audit-kernel/issues/50
Signed-off-by: Richard Guy Briggs
[PM: tweak the subject line]
Signed-off-by: Paul Moore
---
 kernel/audit_tree.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index c99ebaae5abc..9f6eaeb6919f 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -497,6 +497,8 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule)
 {
 struct audit_buffer *ab;
+ if (!audit_enabled)
+ return;
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 if (unlikely(!ab))
 return;
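Review bot: The new early return at the top of audit_tree_log_remove_rule() carries no comment stating its consequence: a tree rule removed while auditing is off leaves no AUDIT_CONFIG_CHANGE record at all, which matters to anyone later reconstructing rule changes from the log. I would add above the check `/* auditing disabled: emit no CONFIG_CHANGE record for this rule removal */`. The test is a plain read of the global `audit_enabled`; whether a concurrent toggle can race with it depends on locking in callers that are not visible here, so that should be confirmed rather than assumed. The function body continues past the end of the hunk.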