authorLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
commit4d9ced9956755901238fede6fc5a3d7e4e816aa6 (patch)
tree3eead67f45b9c742f1a5e28ba0290a1ab2047033 /src/journal/journald-audit.c
parent2b0073e1d2fb0611733e0b83bd41cc753b254593 (diff)
journald: enable audit in the kernel when initializing
Similar to auditd, actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
Diffstat (limited to 'src/journal/journald-audit.c')
-rw-r--r--src/journal/journald-audit.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 787ec34bb8..0e1e8bd5d0 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -438,6 +438,51 @@ void server_process_audit_message(
process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv);
}
+static int enable_audit(int fd, bool b) {
+ struct {
+ union {
+ struct nlmsghdr header;
+ uint8_t header_space[NLMSG_HDRLEN];
+ };
+ struct audit_status body;
+ } _packed_ request = {
+ .header.nlmsg_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ .header.nlmsg_type = AUDIT_SET,
+ .header.nlmsg_flags = NLM_F_REQUEST,
+ .header.nlmsg_seq = 1,
+ .header.nlmsg_pid = 0,
+ .body.mask = AUDIT_STATUS_ENABLED,
+ .body.enabled = b,
+ };
+ union sockaddr_union sa = {
+ .nl.nl_family = AF_NETLINK,
+ .nl.nl_pid = 0,
+ };
+ struct iovec iovec = {
+ .iov_base = &request,
+ .iov_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ };
+ struct msghdr mh = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_name = &sa.sa,
+ .msg_namelen = sizeof(sa.nl),
+ };
+
+ ssize_t n;
+
+ n = sendmsg(fd, &mh, MSG_NOSIGNAL);
+ if (n < 0)
+ return -errno;
+ if (n != NLMSG_LENGTH(sizeof(struct audit_status)))
+ return -EIO;
+
+ /* We don't wait for the result here, we can't do anything
+ * about it anyway */
+
+ return 0;
+}
+
int server_open_audit(Server *s) {
static const int one = 1;
int r;
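Review bot: enable_audit() returns 0 as soon as sendmsg() accepts the request, so a kernel-side rejection of the AUDIT_SET (for example, insufficient privilege or a locked audit configuration) is never reported. The `Failed to issue audit enable call` warning in server_open_audit therefore covers send errors only. Because the request goes out on the same socket that receives audit records, any NLMSG_ERROR reply would presumably arrive in server_process_audit_message, whose body is outside this hunk; it is worth confirming that path logs the error rather than dropping it. If positive confirmation is wanted, request it with `.header.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK,` and extend the closing comment to say where the reply is handled, e.g. `/* The kernel's reply arrives asynchronously on this fd; we do not wait for it here */`.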
@@ -479,5 +524,10 @@ int server_open_audit(Server *s) {
return r;
}
+ /* We are listening now, try to enable audit */
+ r = enable_audit(s->audit_fd, true);
+ if (r < 0)
+ log_warning("Failed to issue audit enable call: %s", strerror(-r));
+
return 0;
}
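Review bot: The call `r = enable_audit(s->audit_fd, true);` switches on kernel auditing for the whole host each time journald opens its audit socket, with no opt-out and no step that restores the previous state. On systems where an administrator has deliberately left auditing off, or where another tool owns the audit policy, this silently changes a security-relevant kernel setting. Consider gating the call on a configuration option (placeholder name: `if (s->audit_enable_on_start)`). Also document the side effect next to the call, e.g. `/* This changes host-wide kernel state, not just this socket */`. server_open_audit starts outside this hunk, so how audit_fd was obtained is not visible here.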