/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include <errno.h>
-#include <linux/audit.h>
-#include <linux/netlink.h>
-#include <stdio.h>
-#include <sys/socket.h>
-
#include "alloc-util.h"
#include "audit-util.h"
-#include "fd-util.h"
#include "fileio.h"
-#include "iovec-util.h"
-#include "macro.h"
#include "parse-util.h"
#include "process-util.h"
-#include "socket-util.h"
#include "stat-util.h"
#include "user-util.h"
#include "virt.h"
return parse_uid(s, ret_uid);
}
-
-static int try_audit_request(int fd) {
- struct iovec iov;
- struct msghdr mh;
- ssize_t n;
-
- assert(fd >= 0);
-
- struct {
- struct nlmsghdr hdr;
- struct nlmsgerr err;
- } _packed_ msg = {
- .hdr.nlmsg_len = NLMSG_LENGTH(0),
- .hdr.nlmsg_type = AUDIT_GET_FEATURE,
- .hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
- };
- iov = IOVEC_MAKE(&msg, msg.hdr.nlmsg_len);
- mh = (struct msghdr) {
- .msg_iov = &iov,
- .msg_iovlen = 1,
- };
-
- if (sendmsg(fd, &mh, MSG_NOSIGNAL) < 0)
- return -errno;
-
- iov.iov_len = sizeof(msg);
-
- n = recvmsg_safe(fd, &mh, 0);
- if (n < 0)
- return n;
- if (n != NLMSG_LENGTH(sizeof(struct nlmsgerr)))
- return -EIO;
-
- if (msg.hdr.nlmsg_type != NLMSG_ERROR)
- return -EINVAL;
-
- return msg.err.error;
-}
-
-bool use_audit(void) {
- static int cached_use = -1;
- int r;
-
- if (cached_use >= 0)
- return cached_use;
-
- _cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
- if (fd < 0) {
- cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
- if (cached_use)
- log_debug_errno(errno, "Unexpected error while creating audit socket, proceeding with its use: %m");
- else
- log_debug_errno(errno, "Won't talk to audit, because feature or privilege absent: %m");
- } else {
- /* If we try and use the audit fd but get -ECONNREFUSED, it is because we are not in the
- * initial user namespace, and the kernel does not have support for audit outside of the
- * initial user namespace (see
- * https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
- *
- * If we receive any other error, do not disable audit because we are not sure that the error
- * indicates that audit will not work in general. */
- r = try_audit_request(fd);
- if (r < 0) {
- cached_use = r != -ECONNREFUSED;
- log_debug_errno(r, cached_use ?
- "Failed to make request on audit fd, ignoring: %m" :
- "Won't talk to audit: %m");
- } else
- cached_use = true;
- }
-
- return cached_use;
-}
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
-#if HAVE_AUDIT
-# include <libaudit.h>
-#endif
-
#include <stdbool.h>
#include <stdint.h>
-#include <sys/types.h>
-#include "errno-util.h"
-#include "log.h"
#include "pidref.h"
#define AUDIT_SESSION_INVALID UINT32_MAX
int audit_session_from_pid(const PidRef *pid, uint32_t *ret_id);
int audit_loginuid_from_pid(const PidRef *pid, uid_t *ret_uid);
-bool use_audit(void);
-
static inline bool audit_session_is_valid(uint32_t id) {
return id > 0 && id != AUDIT_SESSION_INVALID;
}
-
-/* The wrappers for audit_open() and audit_close() are inline functions so that we don't get a spurious
- * linkage to libaudit in libbasic, but we also don't need to create a separate source file for two very
- * short functions. */
-
-static inline int close_audit_fd(int fd) {
-#if HAVE_AUDIT
- if (fd >= 0)
- audit_close(fd);
-#else
- assert(fd < 0);
-#endif
- return -EBADF;
-}
-
-static inline int open_audit_fd_or_warn(void) {
- int fd = -EBADF;
-
-#if HAVE_AUDIT
- /* If the kernel lacks netlink or audit support, don't worry about it. */
- fd = audit_open();
- if (fd < 0)
- return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
- errno, "Failed to connect to audit log, ignoring: %m");
-#endif
- return fd;
-}
#if HAVE_AUDIT
# include <stdbool.h>
-# include "audit-util.h"
+# include "libaudit-util.h"
# include "capability-util.h"
static bool initialized = false;
#include "alloc-util.h"
#include "apparmor-util.h"
#include "architecture.h"
-#include "audit-util.h"
#include "battery-util.h"
#include "bitfield.h"
#include "blockdev-util.h"
#include "id128-util.h"
#include "ima-util.h"
#include "initrd-util.h"
+#include "libaudit-util.h"
#include "limits-util.h"
#include "list.h"
#include "macro.h"
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <errno.h>
+#include <linux/audit.h>
+#include <linux/netlink.h>
+#include <stdio.h>
+#include <sys/socket.h>
+
+#if HAVE_AUDIT
+# include <libaudit.h>
+#endif
+
+#include "fd-util.h"
+#include "iovec-util.h"
+#include "libaudit-util.h"
+#include "log.h"
+#include "socket-util.h"
+
+static int try_audit_request(int fd) {
+ struct iovec iov;
+ struct msghdr mh;
+ ssize_t n;
+
+ assert(fd >= 0);
+
+ struct {
+ struct nlmsghdr hdr;
+ struct nlmsgerr err;
+ } _packed_ msg = {
+ .hdr.nlmsg_len = NLMSG_LENGTH(0),
+ .hdr.nlmsg_type = AUDIT_GET_FEATURE,
+ .hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
+ };
+ iov = IOVEC_MAKE(&msg, msg.hdr.nlmsg_len);
+ mh = (struct msghdr) {
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ };
+
+ if (sendmsg(fd, &mh, MSG_NOSIGNAL) < 0)
+ return -errno;
+
+ iov.iov_len = sizeof(msg);
+
+ n = recvmsg_safe(fd, &mh, 0);
+ if (n < 0)
+ return n;
+ if (n != NLMSG_LENGTH(sizeof(struct nlmsgerr)))
+ return -EIO;
+
+ if (msg.hdr.nlmsg_type != NLMSG_ERROR)
+ return -EINVAL;
+
+ return msg.err.error;
+}
+
+bool use_audit(void) {
+ static int cached_use = -1;
+ int r;
+
+ if (cached_use >= 0)
+ return cached_use;
+
+ _cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
+ if (fd < 0) {
+ cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
+ if (cached_use)
+ log_debug_errno(errno, "Unexpected error while creating audit socket, proceeding with its use: %m");
+ else
+ log_debug_errno(errno, "Won't talk to audit, because feature or privilege absent: %m");
+ } else {
+ /* If we try and use the audit fd but get -ECONNREFUSED, it is because we are not in the
+ * initial user namespace, and the kernel does not have support for audit outside of the
+ * initial user namespace (see
+ * https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
+ *
+ * If we receive any other error, do not disable audit because we are not sure that the error
+ * indicates that audit will not work in general. */
+ r = try_audit_request(fd);
+ if (r < 0) {
+ cached_use = r != -ECONNREFUSED;
+ log_debug_errno(r, cached_use ?
+ "Failed to make request on audit fd, ignoring: %m" :
+ "Won't talk to audit: %m");
+ } else
+ cached_use = true;
+ }
+
+ return cached_use;
+}
+
+int close_audit_fd(int fd) {
+#if HAVE_AUDIT
+ if (fd >= 0)
+ audit_close(fd);
+#else
+ assert(fd < 0);
+#endif
+ return -EBADF;
+}
+
+int open_audit_fd_or_warn(void) {
+ int fd = -EBADF;
+
+#if HAVE_AUDIT
+ /* If the kernel lacks netlink or audit support, don't worry about it. */
+ fd = audit_open();
+ if (fd < 0)
+ return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
+ errno, "Failed to connect to audit log, ignoring: %m");
+#endif
+ return fd;
+}
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <stdbool.h>
+
+bool use_audit(void);
+
+int close_audit_fd(int fd);
+int open_audit_fd_or_warn(void);
'killall.c',
'label-util.c',
'libarchive-util.c',
+ 'libaudit-util.c',
'libcrypt-util.c',
'libfido2-util.c',
'libmount-util.c',
libshared_deps = [threads,
libacl,
+ libaudit,
libblkid,
libcap,
libcrypt,
#include <getopt.h>
+#if HAVE_AUDIT
+# include <libaudit.h>
+#endif
+
#include "alloc-util.h"
-#include "audit-util.h"
#include "build.h"
#include "chase.h"
#include "conf-files.h"
#include "fs-util.h"
#include "hashmap.h"
#include "image-policy.h"
+#include "libaudit-util.h"
#include "libcrypt-util.h"
#include "main-func.h"
#include "memory-util.h"
#include "alloc-util.h"
#include "apparmor-util.h"
#include "architecture.h"
-#include "audit-util.h"
#include "battery-util.h"
#include "cgroup-util.h"
#include "condition.h"
#include "hostname-util.h"
#include "id128-util.h"
#include "ima-util.h"
+#include "libaudit-util.h"
#include "limits-util.h"
#include "log.h"
#include "macro.h"
#include <sys/types.h>
#include <unistd.h>
+#if HAVE_AUDIT
+# include <libaudit.h>
+#endif
+
#include "sd-bus.h"
#include "alloc-util.h"
-#include "audit-util.h"
#include "bus-error.h"
#include "bus-locator.h"
#include "bus-util.h"
#include "format-util.h"
+#include "libaudit-util.h"
#include "log.h"
#include "macro.h"
#include "main-func.h"
projects / thirdparty / systemd.git / commitdiff
