git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/audit-util.c
a94378f6121858c3e4298861ef3a466e7908762d
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "alloc-util.h"
4 #include "audit-util.h"
6 #include "parse-util.h"
8 #include "process-util.h"
10 #include "user-util.h"
/* Reads one audit attribute (`field`; the callers in this file pass "sessionid" and "loginuid") for
 * the process referenced by `pid` from procfs. The callers pass a `char **` and parse the string
 * they get back through it.
 * NOTE(review): this listing is lossy. The statements that follow several of the conditions below,
 * and some declarations, are not visible, so return codes are deliberately not documented here. */
13 static int audit_read_field(const PidRef
*pid
, const char *field
, char **ret
) {
/* Refuse an unset PidRef up front; pid->pid is dereferenced further down. */
19 if (!pidref_is_set(pid
))
22 /* Auditing is currently not virtualized for containers. Let's hence not use the audit session ID or
23 * login UID for now, it will be leaked in from the host */
24 if (detect_container() > 0)
/* The path is built from the numeric pid->pid and `field`. */
27 const char *p
= procfs_file_alloca(pid
->pid
, field
);
/* `s` is released automatically on scope exit via _cleanup_free_. */
29 _cleanup_free_
char *s
= NULL
;
31 r
= read_full_virtual_file(p
, &s
, /* ret_size= */ NULL
);
/* Tells "procfs is not mounted" apart from other causes of a failed read. */
33 if (proc_mounted() == 0)
/* Re-validate the PidRef after the read. NOTE(review): since the file was opened by numeric PID,
 * this presumably rejects data read from a recycled PID; confirm against pidref_verify(). */
39 r
= pidref_verify(pid
);
43 if (enoent
) /* We got ENOENT, but /proc/ was mounted and the PID still valid? In that case it appears
44 * auditing is not supported by the kernel. */
/* Strip trailing newline characters so callers can parse or compare the value exactly (see the
 * streq() against "4294967295" in audit_loginuid_from_pid()). */
47 delete_trailing_chars(s
, NEWLINE
);
/* Looks up the audit session ID of the process referenced by `pid`: reads the "sessionid" field via
 * audit_read_field(), parses it as an unsigned 32-bit integer and checks it with
 * audit_session_is_valid().
 * NOTE(review): the store to `ret_id` and the error returns are not visible in this lossy listing. */
53 int audit_session_from_pid(const PidRef
*pid
, uint32_t *ret_id
) {
/* Buffer for the raw field text; freed automatically on scope exit. */
54 _cleanup_free_
char *s
= NULL
;
57 r
= audit_read_field(pid
, "sessionid", &s
);
/* Parse the text into `u` as uint32_t. */
62 r
= safe_atou32(s
, &u
);
/* A value that parses successfully is still checked for being a valid session ID. */
66 if (!audit_session_is_valid(u
))
/* Looks up the audit login UID of the process referenced by `pid`: reads the "loginuid" field via
 * audit_read_field() and converts it with parse_uid(), whose result is returned directly.
 * NOTE(review): the statement taken for the "no session" sentinel is not visible in this lossy
 * listing. */
75 int audit_loginuid_from_pid(const PidRef
*pid
, uid_t
*ret_uid
) {
/* Buffer for the raw field text; freed automatically on scope exit. */
76 _cleanup_free_
char *s
= NULL
;
79 r
= audit_read_field(pid
, "loginuid", &s
);
/* 4294967295 is 2^32 - 1. It is matched as a string before parse_uid() runs, so the sentinel is
 * handled separately from real UIDs. */
83 if (streq(s
, "4294967295")) /* loginuid as 4294967295 means not part of any session. */
86 return parse_uid(s
, ret_uid
);