authorLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 00:01:32 +0100
commit4d9ced9956755901238fede6fc5a3d7e4e816aa6 (patch)
tree3eead67f45b9c742f1a5e28ba0290a1ab2047033
parent2b0073e1d2fb0611733e0b83bd41cc753b254593 (diff)
journald: enable audit in the kernel when initializing
Similar to auditd, actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
-rw-r--r--src/journal/journald-audit.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 787ec34bb..0e1e8bd5d 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -438,6 +438,51 @@ void server_process_audit_message(
process_audit_string(s, nl->nlmsg_type, NLMSG_DATA(nl), nl->nlmsg_len - ALIGN(sizeof(struct nlmsghdr)), tv);
}
+static int enable_audit(int fd, bool b) {
+ struct {
+ union {
+ struct nlmsghdr header;
+ uint8_t header_space[NLMSG_HDRLEN];
+ };
+ struct audit_status body;
+ } _packed_ request = {
+ .header.nlmsg_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ .header.nlmsg_type = AUDIT_SET,
+ .header.nlmsg_flags = NLM_F_REQUEST,
+ .header.nlmsg_seq = 1,
+ .header.nlmsg_pid = 0,
+ .body.mask = AUDIT_STATUS_ENABLED,
+ .body.enabled = b,
+ };
+ union sockaddr_union sa = {
+ .nl.nl_family = AF_NETLINK,
+ .nl.nl_pid = 0,
+ };
+ struct iovec iovec = {
+ .iov_base = &request,
+ .iov_len = NLMSG_LENGTH(sizeof(struct audit_status)),
+ };
+ struct msghdr mh = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_name = &sa.sa,
+ .msg_namelen = sizeof(sa.nl),
+ };
+
+ ssize_t n;
+
+ n = sendmsg(fd, &mh, MSG_NOSIGNAL);
+ if (n < 0)
+ return -errno;
+ if (n != NLMSG_LENGTH(sizeof(struct audit_status)))
+ return -EIO;
+
+ /* We don't wait for the result here, we can't do anything
+ * about it anyway */
+
+ return 0;
+}
+
int server_open_audit(Server *s) {
static const int one = 1;
int r;
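Review bot: A zero return from `enable_audit()` only means the AUDIT_SET request was handed to the kernel, not that auditing is now on. The request carries `NLM_F_REQUEST` alone and the reply is never read, so a kernel-side refusal (for example when the caller lacks CAP_AUDIT_CONTROL or the audit configuration has been locked) is not reported by this function. The closing comment should say so explicitly, e.g. `/* Fire and forget: 0 means the request was sent, not that the kernel accepted it */`, and a short header comment should state that a negative errno is returned on send failure. Any error reply would presumably arrive later on the same socket; whether it is logged or dropped depends on `server_process_audit_message()`, whose body lies above this hunk, so that is worth confirming.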
@@ -479,5 +524,10 @@ int server_open_audit(Server *s) {
return r;
}
+ /* We are listening now, try to enable audit */
+ r = enable_audit(s->audit_fd, true);
+ if (r < 0)
+ log_warning("Failed to issue audit enable call: %s", strerror(-r));
+
return 0;
}
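Review bot: The call added at the end of `server_open_audit()` switches kernel auditing on unconditionally whenever the audit socket is opened. Nothing visible in this hunk lets an administrator who deliberately keeps auditing off opt out. Changing a system-wide security setting as a side effect of journal start-up deserves a configuration switch guarding the call, or at minimum a comment such as `/* NOTE: this changes system-wide kernel audit state; failure is non-fatal */`. The `log_warning()` only covers a failed `sendmsg()`, so the absence of that warning in the log does not confirm that auditing is enabled. The middle of the function is outside the hunk, so an existing guard there cannot be ruled out.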