summary refs log tree commit diff
path: root/nscd/selinux.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2005-12-29 01:09:00 +0000
committerUlrich Drepper <drepper@redhat.com>2005-12-29 01:09:00 +0000
commit62a8cefb906e388937c3ddbb18222f620a07cd02 (patch)
tree885f7d5d2bee0a66cfb44f39dd4328824e4631e6 /nscd/selinux.c
parentfec5592dbea89a6ccab1cf6c332d05d10e16d673 (diff)
downloadglibc-62a8cefb906e388937c3ddbb18222f620a07cd02.tar.gz
glibc-62a8cefb906e388937c3ddbb18222f620a07cd02.tar.xz
glibc-62a8cefb906e388937c3ddbb18222f620a07cd02.zip
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
	Don't do anything if audit_fd is invalid.
	(audit_init): Don't complain if kernel support is missing.
	Patch by Steve Grubb <sgrubb@redhat.com>.
Diffstat (limited to 'nscd/selinux.c')
-rw-r--r--nscd/selinux.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/nscd/selinux.c b/nscd/selinux.c
index 91c1442b59..f0ac3cdf9a 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <syslog.h>
+#include <unistd.h>
 #include <selinux/av_permissions.h>
 #include <selinux/avc.h>
 #include <selinux/flask.h>
@@ -114,11 +115,28 @@ static int audit_fd = -1;
 static void
 log_callback (const char *fmt, ...)
 {
-  va_list ap;
+  if (audit_fd >= 0)
+    {
+      va_list ap;
+      va_start (ap, fmt);
+
+      char *buf;
+      int e = vasprintf (&buf, fmt, ap);
+      if (e < 0)
+	{
+	  buf = alloca (BUFSIZ);
+	  vsnprintf (buf, BUFSIZ, fmt, ap);
+	}
+
+      /* FIXME: need to attribute this to real user, using getuid for now */
+      audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+				  NULL, getuid ());
 
-  va_start (ap, fmt);
-  audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
-  va_end (ap);
+      if (e >= 0)
+	free (buf);
+
+      va_end (ap);
+    }
 }
 
 /* Initialize the connection to the audit system */
@@ -126,8 +144,10 @@ static void
 audit_init (void)
 {
   audit_fd = audit_open ();
-  if (audit_fd < 0)
-     dbg_log (_("Failed opening connection to the audit subsystem"));
+  if (audit_fd < 0
+      /* If kernel doesn't support audit, bail out */
+      && errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+    dbg_log (_("Failed opening connection to the audit subsystem"));
 }
 #endif /* HAVE_LIBAUDIT */