[PATCH] audit: fix oops removing watch if audit disabled

Removing a watched file will oops if audit is disabled (auditctl -e 0). To reproduce: - auditctl -e 1 - touch /tmp/foo - auditctl -w /tmp/foo - auditctl -e 0 - rm /tmp/foo (or mv) Signed-off-by: Tony Jones <tonyj@suse.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Tony Jones <tonyj@suse.de> 2007-06-23 17:16:47 -0700
committer: Willy Tarreau <w@1wt.eu> 2007-08-15 10:02:32 +0200
commit: 78977b665b8f03c56bbb0f7549200e058b7e067f (patch)
tree: 225535867bc334e1db980bbf02cda7a93f936c4a /kernel
parent: ea317f3c75a3ff7316d6abbcfa661df277cf4d98 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 9c8c23227c7f..5a756579f069 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -905,7 +905,7 @@ static void audit_update_watch(struct audit_parent *parent,
 
 		/* If the update involves invalidating rules, do the inode-based
 		 * filtering now, so we don't omit records. */
-		if (invalidating &&
+		if (invalidating && current->audit_context &&
 		    audit_filter_inodes(current, current->audit_context) == AUDIT_RECORD_CONTEXT)
 			audit_set_auditable(current->audit_context);
author	Tony Jones <tonyj@suse.de>	2007-06-23 17:16:47 -0700
committer	Willy Tarreau <w@1wt.eu>	2007-08-15 10:02:32 +0200
commit	78977b665b8f03c56bbb0f7549200e058b7e067f (patch)
tree	225535867bc334e1db980bbf02cda7a93f936c4a /kernel
parent	ea317f3c75a3ff7316d6abbcfa661df277cf4d98 (diff)