authorLennart Poettering <lennart@poettering.net>2014-11-04 00:47:44 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 00:48:09 +0100
commit0aa281df2c5f56623abddf25d6bcdb82b641aeb2 (patch)
tree582b6c93cf7ba32b8ea397391bf0040bef45adb7
parent0b97208d8c39131f8a7cfcfccb5c40b86af44ee5 (diff)
audit: improve the audit messages we generate
Always pass along comm, as documented by audit. Always set the correct comm value.
-rw-r--r--src/core/manager.c12
-rw-r--r--src/update-utmp/update-utmp.c6
2 files changed, 10 insertions, 8 deletions
diff --git a/src/core/manager.c b/src/core/manager.c
index 2eab553016..ef1e3eac5f 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2066,6 +2066,7 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
#ifdef HAVE_AUDIT
_cleanup_free_ char *p = NULL;
+ const char *msg;
int audit_fd;
audit_fd = get_audit_fd();
@@ -2085,17 +2086,18 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
p = unit_name_to_prefix_and_instance(u->id);
if (!p) {
- log_error_unit(u->id,
- "Failed to allocate unit name for audit message: %s", strerror(ENOMEM));
+ log_oom();
return;
}
- if (audit_log_user_comm_message(audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) {
- if (errno == EPERM) {
+ msg = strappenda("unit=", p);
+
+ if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
+ if (errno == EPERM)
/* We aren't allowed to send audit messages?
* Then let's not retry again. */
close_audit_fd();
- } else
+ else
log_warning("Failed to send audit message: %m");
}
#endif
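Review bot: `msg` is built by concatenating `p` straight into the audit record text, and nothing in this hunk shows that `p` is free of whitespace, quotes or newlines. Audit consumers split a record into space-separated key=value fields, so a stray separator in the unit name would change how the record parses. If unit ids are validated against a restricted character set elsewhere (likely, but not visible here), record that next to the call, e.g. `/* p comes from a validated unit name, so it cannot add fields to the record */`. The assignment to a `const char *` that is never freed suggests `strappenda()` allocates on the stack, so the same comment should note that the length of `p` is bounded. The function body starts and ends outside this hunk.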
diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
index 31cae70950..311d686a8c 100644
--- a/src/update-utmp/update-utmp.c
+++ b/src/update-utmp/update-utmp.c
@@ -131,7 +131,7 @@ static int on_reboot(Context *c) {
#ifdef HAVE_AUDIT
if (c->audit_fd >= 0)
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "init", NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
errno != EPERM) {
log_error("Failed to send audit message: %m");
r = -errno;
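Review bot: `r = -errno` is read after `log_error()` has already run, so the value on_reboot() returns is only right if the logging call preserves errno, which this hunk does not show. Swapping the two statements removes that dependency: `r = -errno;` first, then `log_error("Failed to send audit message: %m");`. The same pair appears in the on_shutdown() and on_runlevel() hunks below. Separately, the `errno != EPERM` condition drops the record without any log line, so a missing SYSTEM_BOOT event cannot be explained from the logs; a `log_debug()` on that path would help. The enclosing functions continue outside the hunks.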
@@ -161,7 +161,7 @@ static int on_shutdown(Context *c) {
#ifdef HAVE_AUDIT
if (c->audit_fd >= 0)
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "init", NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
errno != EPERM) {
log_error("Failed to send audit message: %m");
r = -errno;
@@ -215,7 +215,7 @@ static int on_runlevel(Context *c) {
runlevel > 0 ? runlevel : 'N') < 0)
return log_oom();
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
errno != EPERM) {
log_error("Failed to send audit message: %m");
r = -errno;