author | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:40:09 -0400 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-02 17:40:09 -0400 |
commit | c1165f822cd9f8c3467b5f825ce933ab8374b361 (patch) | |
tree | b986e9e6ead9693bdd4785f52ea7e6503bbf92bc /src/core/manager.c | |
parent | cad45ba11ec3572296361f53f5852ffb97a97fa3 (diff) |
audit: turn the audit fd into a static variable
As audit is pretty much just a special kind of logging we should treat
it similar, and manage the audit fd in a static variable.
This simplifies the audit fd sharing with the SELinux access checking
code quite a bit.
Diffstat (limited to 'src/core/manager.c')
-rw-r--r-- | src/core/manager.c | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/src/core/manager.c b/src/core/manager.c
index 3cd99154e6..6fecbc3f71 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -68,6 +68,7 @@
 #include "watchdog.h"
 #include "cgroup-util.h"
 #include "path-util.h"
+#include "audit-fd.h"
 /* As soon as 16 units are in our GC queue, make sure to run a gc sweep */
 #define GC_QUEUE_ENTRIES_MAX 16
@@ -257,10 +258,6 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) {
 m->pin_cgroupfs_fd = -1;
 m->idle_pipe[0] = m->idle_pipe[1] = -1;
-#ifdef HAVE_AUDIT
- m->audit_fd = -1;
-#endif
-
 m->signal_watch.fd = m->mount_watch.fd = m->udev_watch.fd = m->epoll_fd = m->dev_autofs_fd = m->swap_watch.fd = -1;
 m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
@@ -307,14 +304,6 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) {
 if ((r = bus_init(m, running_as != SYSTEMD_SYSTEM)) < 0)
 goto fail;
-#ifdef HAVE_AUDIT
- if ((m->audit_fd = audit_open()) < 0 &&
- /* If the kernel lacks netlink or audit support,
- * don't worry about it. */
- errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT)
- log_error("Failed to connect to audit log: %m");
-#endif
-
 m->taint_usr = dir_is_empty("/usr") > 0;
 *_m = m;
@@ -498,11 +487,6 @@ void manager_free(Manager *m) {
 if (m->notify_watch.fd >= 0)
 close_nointr_nofail(m->notify_watch.fd);
-#ifdef HAVE_AUDIT
- if (m->audit_fd >= 0)
- audit_close(m->audit_fd);
-#endif
-
 free(m->notify_socket);
 lookup_paths_free(&m->lookup_paths);
@@ -1553,8 +1537,10 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 #ifdef HAVE_AUDIT
 char *p;
+ int audit_fd;
- if (m->audit_fd < 0)
+ audit_fd = get_audit_fd();
+ if (audit_fd < 0)
 return;
 /* Don't generate audit events if the service was already
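Review bot: In manager_send_unit_audit() the early `return` after `audit_fd = get_audit_fd();` is now the only place manager.c reacts to a missing audit connection, and it is silent: this commit deletes the `log_error("Failed to connect to audit log: %m")` from manager_new() together with its EAFNOSUPPORT/EPROTONOSUPPORT exemption. Whether get_audit_fd() reports an open failure itself cannot be seen here, because the diff is limited to src/core/manager.c. If it does not, unit start and stop events would go unrecorded with nothing in the log to show it, so I would confirm that and state it at the call, for example `/* get_audit_fd() opens the fd on first use and logs open failures */`. The function body starts in this hunk but continues past its end.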
@@ -1573,12 +1559,11 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 return;
 }
- if (audit_log_user_comm_message(m->audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) {
+ if (audit_log_user_comm_message(audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) {
 if (errno == EPERM) {
 /* We aren't allowed to send audit messages?
 * Then let's not retry again. */
- audit_close(m->audit_fd);
- m->audit_fd = -1;
+ close_audit_fd();
 } else
 log_warning("Failed to send audit message: %m");
 } |
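Review bot: The comment `Then let's not retry again.` in the EPERM branch is no longer backed by anything visible: the removed `m->audit_fd = -1;` made the no-retry guarantee explicit, while `close_audit_fd();` only keeps it if a later get_audit_fd() returns a negative value rather than reopening the socket. That helper lives outside this diff, so I would check it and then say so in the comment, e.g. `* Then let's not retry again; close_audit_fd() keeps get_audit_fd() from reopening. */`. The branch also turns auditing off for the rest of the process without any log line, so a single `log_warning("Not permitted to send audit messages, disabling audit logging.");` before `close_audit_fd();` would leave a trace for whoever later looks for the missing records. manager_send_unit_audit() begins before this hunk.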