From owner-svn-src-head@FreeBSD.ORG  Tue Jan  6 13:59:59 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D851E106566B;
	Tue,  6 Jan 2009 13:59:59 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C62038FC08;
	Tue,  6 Jan 2009 13:59:59 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n06Dxxgh032916;
	Tue, 6 Jan 2009 13:59:59 GMT (envelope-from rwatson@svn.freebsd.org)
Received: (from rwatson@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n06DxxFj032915;
	Tue, 6 Jan 2009 13:59:59 GMT (envelope-from rwatson@svn.freebsd.org)
Message-Id: <200901061359.n06DxxFj032915@svn.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 6 Jan 2009 13:59:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r186822 - head/sys/security/audit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jan 2009 14:00:00 -0000

Author: rwatson
Date: Tue Jan  6 13:59:59 2009
New Revision: 186822
URL: http://svn.freebsd.org/changeset/base/186822

Log:
  In AUDIT_SYSCALL_EXIT(), invoke audit_syscall_exit() only if an audit
  record is active on the current thread--historically we may always
  have wanted to enter the audit code if auditing was enabled, but now
  we just commit the audit record so don't need to enter if there isn't
  one.
  
  Obtained from:	TrustedBSD Project
  Sponsored by:	Apple, Inc.

Modified:
  head/sys/security/audit/audit.h

Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h	Tue Jan  6 13:27:56 2009	(r186821)
+++ head/sys/security/audit/audit.h	Tue Jan  6 13:59:59 2009	(r186822)
@@ -198,11 +198,11 @@ void	 audit_thread_free(struct thread *t
 
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread.  It is
- * possible that an audit record was begun before auditing was turned off.
+ * we have a audit record on the thread.  Audit records can persist after
+ * auditing is disabled, so we don't just check audit_enabled here.
  */
 #define	AUDIT_SYSCALL_EXIT(error, td)	do {				\
-	if (audit_enabled || (td->td_ar != NULL))			\
+	if (td->td_ar != NULL)						\
 		audit_syscall_exit(error, td);				\
 } while (0)