Commit 3d413f0c authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'audit-pr-20250527' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit 

Pull audit updates from Paul Moore:

 - Always record AUDIT_ANOM events when auditing is enabled.

   Prior to this patch we only recorded AUDIT_ANOM events if auditing
   was enabled and the admin/distro had explicitly configured audit
   beyond the defaults. Considering that AUDIT_ANOM events are anomolous
   events considered to be "security relevant", it seems wise to record
   these events as long as auditing is enabled, even if the system is
   running with a default audit configuration.

 - Mark the audit_log_vformat() function with the __printf() attribute
   to quiet GCC.

* tag 'audit-pr-20250527' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: record AUDIT_ANOM_* events regardless of presence of rules
  audit: mark audit_log_vformat() with __printf() attribute
parents b5628b81 654d61b8

kernel/audit.c

+3 −3
Original line number Diff line number Diff line
@@ -1956,8 +1956,8 @@ static inline int audit_expand(struct audit_buffer *ab, int extra) 
 * will be called a second time.  Currently, we assume that a printk

 * can't format message larger than 1024 bytes, so we don't either.

 */

static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,

			      va_list args)

static __printf(2, 0)

void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)

{

	int len, avail;

	struct sk_buff *skb;
@@ -2285,7 +2285,7 @@ void audit_log_path_denied(int type, const char *operation) 
{

	struct audit_buffer *ab;



	if (!audit_enabled || audit_dummy_context())

	if (!audit_enabled)

		return;



	/* Generate log with subject, operation, outcome. */