]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/audit-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/netlink.h>
6 #include <sys/socket.h>
8 #include "alloc-util.h"
9 #include "audit-util.h"
13 #include "parse-util.h"
14 #include "process-util.h"
15 #include "user-util.h"
17 int audit_session_from_pid(pid_t pid
, uint32_t *id
) {
18 _cleanup_free_
char *s
= NULL
;
25 /* We don't convert ENOENT to ESRCH here, since we can't
26 * really distinguish between "audit is not available in the
27 * kernel" and "the process does not exist", both which will
28 * result in ENOENT. */
30 p
= procfs_file_alloca(pid
, "sessionid");
32 r
= read_one_line_file(p
, &s
);
36 r
= safe_atou32(s
, &u
);
40 if (!audit_session_is_valid(u
))
47 int audit_loginuid_from_pid(pid_t pid
, uid_t
*uid
) {
48 _cleanup_free_
char *s
= NULL
;
55 p
= procfs_file_alloca(pid
, "loginuid");
57 r
= read_one_line_file(p
, &s
);
62 if (r
== -ENXIO
) /* the UID was -1 */
71 bool use_audit(void) {
72 static int cached_use
= -1;
77 fd
= socket(AF_NETLINK
, SOCK_RAW
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, NETLINK_AUDIT
);
79 cached_use
= !IN_SET(errno
, EAFNOSUPPORT
, EPROTONOSUPPORT
, EPERM
);
81 log_debug_errno(errno
, "Won't talk to audit: %m");