summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
commit4d9ced9956755901238fede6fc5a3d7e4e816aa6 (patch)
tree3eead67f45b9c742f1a5e28ba0290a1ab2047033 /src
parent2b0073e1d2fb0611733e0b83bd41cc753b254593 (diff)
journald: enable audit in the kernel when initializing
Similar to auditd actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
Diffstat (limited to 'src')
-rw-r--r--src/journal/journald-audit.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 787ec34bb8..0e1e8bd5d0 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -438,6 +438,51 @@ void server_process_audit_message(
process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv);
}
+static int enable_audit(int fd, bool b) {
+ struct {
+ union {
+ struct nlmsghdr header;
+ uint8_t header_space[NLMSG_HDRLEN];
+ };
+ struct audit_status body;
+ } _packed_ request = {
+ .header.nlmsg_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ .header.nlmsg_type = AUDIT_SET,
+ .header.nlmsg_flags = NLM_F_REQUEST,
+ .header.nlmsg_seq = 1,
+ .header.nlmsg_pid = 0,
+ .body.mask = AUDIT_STATUS_ENABLED,
+ .body.enabled = b,
+ };
+ union sockaddr_union sa = {
+ .nl.nl_family = AF_NETLINK,
+ .nl.nl_pid = 0,
+ };
+ struct iovec iovec = {
+ .iov_base = &request,
+ .iov_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ };
+ struct msghdr mh = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_name = &sa.sa,
+ .msg_namelen = sizeof(sa.nl),
+ };
+
+ ssize_t n;
+
+ n = sendmsg(fd, &mh, MSG_NOSIGNAL);
+ if (n < 0)
+ return -errno;
+ if (n != NLMSG_LENGTH(sizeof(struct audit_status)))
+ return -EIO;
+
+ /* We don't wait for the result here, we can't do anything
+ * about it anyway */
+
+ return 0;
+}
+
int server_open_audit(Server *s) {
static const int one = 1;
int r;
@@ -479,5 +524,10 @@ int server_open_audit(Server *s) {
return r;
}
+ /* We are listening now, try to enable audit */
+ r = enable_audit(s->audit_fd, true);
+ if (r < 0)
+ log_warning("Failed to issue audit enable call: %s", strerror(-r));
+
return 0;
}