author | Ulrich Drepper <drepper@redhat.com> | 2005-12-29 01:09:00 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2005-12-29 01:09:00 +0000 |
commit | 62a8cefb906e388937c3ddbb18222f620a07cd02 (patch) | |
tree | 885f7d5d2bee0a66cfb44f39dd4328824e4631e6 /nscd/selinux.c | |
parent | fec5592dbea89a6ccab1cf6c332d05d10e16d673 (diff) | |
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
Don't do anything if audit_fd is invalid. (audit_init): Don't complain if kernel support is missing. Patch by Steve Grubb <sgrubb@redhat.com>.
Diffstat (limited to 'nscd/selinux.c')
-rw-r--r-- | nscd/selinux.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/nscd/selinux.c b/nscd/selinux.c
index 91c1442b59..f0ac3cdf9a 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <syslog.h>
+#include <unistd.h>
 #include <selinux/av_permissions.h>
 #include <selinux/avc.h>
 #include <selinux/flask.h>
@@ -114,11 +115,28 @@ static int audit_fd = -1;
 static void
 log_callback (const char *fmt, ...)
 {
- va_list ap;
+ if (audit_fd >= 0)
+ {
+ va_list ap;
+ va_start (ap, fmt);
+
+ char *buf;
+ int e = vasprintf (&buf, fmt, ap);
+ if (e < 0)
+ {
+ buf = alloca (BUFSIZ);
+ vsnprintf (buf, BUFSIZ, fmt, ap);
+ }
+
+ /* FIXME: need to attribute this to real user, using getuid for now */
+ audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, getuid ());
- va_start (ap, fmt);
- audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
- va_end (ap);
+ if (e >= 0)
+ free (buf);
+
+ va_end (ap);
+ }
 }
 /* Initialize the connection to the audit system */
@@ -126,8 +144,10 @@ static void
 audit_init (void)
 {
 audit_fd = audit_open ();
- if (audit_fd < 0)
- dbg_log (_("Failed opening connection to the audit subsystem"));
+ if (audit_fd < 0
+ /* If kernel doesn't support audit, bail out */
+ && errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+ dbg_log (_("Failed opening connection to the audit subsystem"));
 }
 #endif /* HAVE_LIBAUDIT */
|
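Review bot: In log_callback the fallback `vsnprintf (buf, BUFSIZ, fmt, ap)` reuses `ap` after `vasprintf` has already consumed it, which leaves the list indeterminate, so the allocation-failure path can format garbage or fault exactly when an AVC denial needs to be recorded. Restart the list before the second pass, e.g. `va_end (ap); va_start (ap, fmt);` just ahead of the `vsnprintf` call, or take a `va_copy` before calling `vasprintf`. The result of `audit_log_user_avc_message` is also discarded, so a failed write to the audit descriptor drops the denial silently; reporting that failure through `dbg_log` would keep it visible to whoever monitors the daemon.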
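Review bot: The comment `/* If kernel doesn't support audit, bail out */` in audit_init does not match the code: nothing bails out, the condition only suppresses the `dbg_log` message while `audit_fd` stays negative. Combined with the new `audit_fd >= 0` guard in log_callback, AVC messages are then discarded without any trace on kernels lacking audit support, so the comment should say so, e.g. `/* Stay quiet if the kernel lacks audit support; log_callback then drops AVC messages.  */`. The test also relies on `audit_open` setting `errno` on failure and on `<errno.h>` being included, neither of which is visible in this patch. The `static void` line of audit_init appears to sit just above the hunk.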