svn commit: r186822 - head/sys/security/audit

Robert Watson rwatson at FreeBSD.org
Tue Jan 6 06:00:00 PST 2009


Author: rwatson
Date: Tue Jan  6 13:59:59 2009
New Revision: 186822
URL: http://svn.freebsd.org/changeset/base/186822

Log:
  In AUDIT_SYSCALL_EXIT(), invoke audit_syscall_exit() only if an audit
  record is active on the current thread--historically we may always
  have wanted to enter the audit code if auditing was enabled, but now
  we just commit the audit record so don't need to enter if there isn't
  one.
  
  Obtained from:	TrustedBSD Project
  Sponsored by:	Apple, Inc.

Modified:
  head/sys/security/audit/audit.h

Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h	Tue Jan  6 13:27:56 2009	(r186821)
+++ head/sys/security/audit/audit.h	Tue Jan  6 13:59:59 2009	(r186822)
@@ -198,11 +198,11 @@ void	 audit_thread_free(struct thread *t
 
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread.  It is
- * possible that an audit record was begun before auditing was turned off.
+ * we have a audit record on the thread.  Audit records can persist after
+ * auditing is disabled, so we don't just check audit_enabled here.
  */
 #define	AUDIT_SYSCALL_EXIT(error, td)	do {				\
-	if (audit_enabled || (td->td_ar != NULL))			\
+	if (td->td_ar != NULL)						\
 		audit_syscall_exit(error, td);				\
 } while (0)
 
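Review bot: The rewritten comment above AUDIT_SYSCALL_EXIT says "so we don't just check audit_enabled here", but the new condition no longer reads audit_enabled at all, so the wording suggests a combined check that is not there. Something like "so we test td_ar rather than audit_enabled" would match the code, and "a audit record" should be "an audit record" while the line is being touched. Separately, the macro body uses its argument unparenthesized in `td->td_ar`; writing `(td)->td_ar` would keep the test correct if a caller ever passes an expression rather than a plain identifier. The change also makes the exit path depend entirely on td_ar being set whenever a record must be committed, so it would help to state that invariant in the comment, since a syscall that finishes with td_ar == NULL now skips audit_syscall_exit() even while auditing is enabled.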

