summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-01-11 22:45:05 +0100
committerLennart Poettering <lennart@poettering.net>2012-01-11 22:45:05 +0100
commit8a0f04e6a283cc6734ee09a20305c13e09ba0418 (patch)
tree40f7dc31f4b254371f47c2b912805d54c413338d /src
parentb785c858c3baf855ec42e3b83f5d23dadfece069 (diff)
journal: add SELinux context to all logged messages
Diffstat (limited to 'src')
-rw-r--r--src/journal/journald.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/journal/journald.c b/src/journal/journald.c
index 33865b8120..56cd31317e 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -52,6 +52,10 @@
#include "acl-util.h"
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define USER_JOURNALS_MAX 1024
#define STDOUT_STREAMS_MAX 4096
@@ -64,7 +68,7 @@
#define SYSLOG_TIMEOUT_USEC (250*USEC_PER_MSEC)
-#define N_IOVEC_META_FIELDS 16
+#define N_IOVEC_META_FIELDS 17
typedef enum StdoutStreamState {
STDOUT_STREAM_IDENTIFIER,
@@ -436,7 +440,7 @@ static void dispatch_message_real(Server *s,
*comm = NULL, *cmdline = NULL, *hostname = NULL,
*audit_session = NULL, *audit_loginuid = NULL,
*exe = NULL, *cgroup = NULL, *session = NULL,
- *owner_uid = NULL, *unit = NULL;
+ *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
char idbuf[33];
sd_id128_t id;
@@ -454,6 +458,9 @@ static void dispatch_message_real(Server *s,
if (ucred) {
uint32_t audit;
uid_t owner;
+#ifdef HAVE_SELINUX
+ security_context_t con;
+#endif
realuid = ucred->uid;
@@ -531,6 +538,16 @@ static void dispatch_message_real(Server *s,
if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
IOVEC_SET_STRING(iovec[n++], owner_uid);
+
+#ifdef HAVE_SELINUX
+ if (getpidcon(ucred->pid, &con) >= 0) {
+ selinux_context = strappend("_SELINUX_CONTEXT=", con);
+ if (selinux_context)
+ IOVEC_SET_STRING(iovec[n++], selinux_context);
+
+ freecon(con);
+ }
+#endif
}
if (tv) {
@@ -602,6 +619,7 @@ retry:
free(session);
free(owner_uid);
free(unit);
+ free(selinux_context);
}
static void driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {