Re: [PATCH][RFC] Light-weight Auditing Framework

[Rik Faith]

On Tue  2 Mar 2004 16:49:51 -0800,
   Chris Wright <chrisw@xxxxxxxx> wrote:
> * Rik Faith (faith@xxxxxxxxxx) wrote:
> > > Doesn't seem like CONFIG_AUDIT=n disables all the code.
> >
> > The bit tests in entry.S are still there, but those are the same tests
> > that are used for ptrace, and there is nothing that sets the bits.  So,
> > aside from that test, all of the code should be disabled.
> 
> I think, e.g. the code that calls audit_get/putname is still there.

When syscall auditing is disabled, the body of the if will become a nop
because of a #define, so the compiler will remove the whole if.  I don't
want to move the if into a macro, since this would make it look like the
function was called all the time.  I don't want the if in the function
because I'm trying not to call the function except when necessary.

I could put #ifdef CONFIG_AUDITSYSCALL around these statements, but I
find that often makes code harder to read.  However, in this case, that
might avoid some confusion.

> > Except where noted below, I have either incorporated all your
> > suggestions or made notes in the code to do so later.  The new patch is
> > at: http://people.redhat.com/faith/audit/audit-20040302.1632.patch
> 
> Oops, I wasn't clear re: the static initialized data...

Yes, sorry, please see:
    http://people.redhat.com/faith/audit/audit-20040303.0544.patch

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/