Merge pull request #4280 from giuseppe/unprivileged-user

[RFC] run systemd in an unprivileged container
author: Lennart Poettering <lennart@poettering.net> 2016-10-06 15:44:27 +0200
committer: GitHub <noreply@github.com> 2016-10-06 15:44:27 +0200
commit: e057995bb1314a94ce460d8e5a2a20e73c0e2ad4 (patch)
tree: 6ca280b3a1526e61c9fed7b87854e2ba0ddb80c8 /src/basic/audit-util.c
parent: 94f42fe3a68129fc5d30fc0ee2094c3052ea782b (diff)
parent: 36d854780c01d589e5da1fc6e94f46aa41f7016f (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
index 5741fecdd6..d1c9695973 100644
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -92,8 +92,11 @@ bool use_audit(void) {
                 int fd;
 
                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                 else {
                         cached_use = true;
                         safe_close(fd);
author	Lennart Poettering <lennart@poettering.net>	2016-10-06 15:44:27 +0200
committer	GitHub <noreply@github.com>	2016-10-06 15:44:27 +0200
commit	e057995bb1314a94ce460d8e5a2a20e73c0e2ad4 (patch)
tree	6ca280b3a1526e61c9fed7b87854e2ba0ddb80c8 /src/basic/audit-util.c
parent	94f42fe3a68129fc5d30fc0ee2094c3052ea782b (diff)
parent	36d854780c01d589e5da1fc6e94f46aa41f7016f (diff)