audit: audit calls should return ENODATA when process are not in an audit session

ENODATA is how we usually indicate such "missing info" cases, so we
should do this here, too.

1 files changed, 8 insertions, 1 deletions

diff --git a/src/basic/audit.c b/src/basic/audit.c
index 54148fcf18..1f593aa813 100644
--- a/src/basic/audit.c
+++ b/src/basic/audit.c
@@ -36,6 +36,11 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
 
         assert(id);
 
+        /* We don't convert ENOENT to ESRCH here, since we can't
+         * really distuingish between "audit is not available in the
+         * kernel" and "the process does not exist", both which will
+         * result in ENOENT. */
+
         p = procfs_file_alloca(pid, "sessionid");
 
         r = read_one_line_file(p, &s);
@@ -47,7 +52,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
                 return r;
 
         if (u == AUDIT_SESSION_INVALID || u <= 0)
-                return -ENXIO;
+                return -ENODATA;
 
         *id = u;
         return 0;
@@ -68,6 +73,8 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
                 return r;
 
         r = parse_uid(s, &u);
+        if (r == -ENXIO) /* the UID was -1 */
+                return -ENODATA;
         if (r < 0)
                 return r;