Commit 7b018b28 authored by Tony Jones's avatar Tony Jones Committed by Linus Torvalds

audit: fix oops removing watch if audit disabled

Removing a watched file will oops if audit is disabled (auditctl -e 0).

To reproduce:
- auditctl -e 1
- touch /tmp/foo
- auditctl -w /tmp/foo
- auditctl -e 0
- rm /tmp/foo (or mv)
Signed-off-by: default avatarTony Jones <tonyj@suse.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 266f5aa0
...@@ -947,7 +947,7 @@ static void audit_update_watch(struct audit_parent *parent, ...@@ -947,7 +947,7 @@ static void audit_update_watch(struct audit_parent *parent,
/* If the update involves invalidating rules, do the inode-based /* If the update involves invalidating rules, do the inode-based
* filtering now, so we don't omit records. */ * filtering now, so we don't omit records. */
if (invalidating && if (invalidating && current->audit_context &&
audit_filter_inodes(current, current->audit_context) == AUDIT_RECORD_CONTEXT) audit_filter_inodes(current, current->audit_context) == AUDIT_RECORD_CONTEXT)
audit_set_auditable(current->audit_context); audit_set_auditable(current->audit_context);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment