summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
commit4d9ced9956755901238fede6fc5a3d7e4e816aa6 (patch)
tree3eead67f45b9c742f1a5e28ba0290a1ab2047033
parent2b0073e1d2fb0611733e0b83bd41cc753b254593 (diff)
journald: enable audit in the kernel when initializing
Similar to auditd actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
-rw-r--r--src/journal/journald-audit.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 787ec34bb8..0e1e8bd5d0 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -438,6 +438,51 @@ void server_process_audit_message(
process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv);
}
+static int enable_audit(int fd, bool b) {
+ struct {
+ union {
+ struct nlmsghdr header;
+ uint8_t header_space[NLMSG_HDRLEN];
+ };
+ struct audit_status body;
+ } _packed_ request = {
+ .header.nlmsg_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ .header.nlmsg_type = AUDIT_SET,
+ .header.nlmsg_flags = NLM_F_REQUEST,
+ .header.nlmsg_seq = 1,
+ .header.nlmsg_pid = 0,
+ .body.mask = AUDIT_STATUS_ENABLED,
+ .body.enabled = b,
+ };
+ union sockaddr_union sa = {
+ .nl.nl_family = AF_NETLINK,
+ .nl.nl_pid = 0,
+ };
+ struct iovec iovec = {
+ .iov_base = &request,
+ .iov_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ };
+ struct msghdr mh = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_name = &sa.sa,
+ .msg_namelen = sizeof(sa.nl),
+ };
+
+ ssize_t n;
+
+ n = sendmsg(fd, &mh, MSG_NOSIGNAL);
+ if (n < 0)
+ return -errno;
+ if (n != NLMSG_LENGTH(sizeof(struct audit_status)))
+ return -EIO;
+
+ /* We don't wait for the result here, we can't do anything
+ * about it anyway */
+
+ return 0;
+}
+
int server_open_audit(Server *s) {
static const int one = 1;
int r;
@@ -479,5 +524,10 @@ int server_open_audit(Server *s) {
return r;
}
+ /* We are listening now, try to enable audit */
+ r = enable_audit(s->audit_fd, true);
+ if (r < 0)
+ log_warning("Failed to issue audit enable call: %s", strerror(-r));
+
return 0;
}