From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sun, 2 Aug 2015 17:55:57 +0000 (-0400)
Subject: journald: make audit socket optional
X-Git-Tag: v228~214^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d18d348da26fdbb392c76b0f5edb7f06282afbb;p=thirdparty%2Fsystemd.git

journald: make audit socket optional

If we were given some sockets through socket activation, and audit
socket is not among them, do not try to open it. This way, if the
socket unit is disabled, we will not receive audit events.

https://bugzilla.redhat.com/show_bug.cgi?id=1227379
---

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index bff4e6f5377..ae325c439e9 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -1453,6 +1453,7 @@ static int server_open_hostname(Server *s) {
 int server_init(Server *s) {
         _cleanup_fdset_free_ FDSet *fds = NULL;
         int n, r, fd;
+        bool no_sockets;
 
         assert(s);
 
@@ -1569,6 +1570,9 @@ int server_init(Server *s) {
                 fds = fdset_free(fds);
         }
 
+        no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
+
+        /* always open stdout, syslog, native, and kmsg sockets */
         r = server_open_stdout_socket(s);
         if (r < 0)
                 return r;
@@ -1585,9 +1589,12 @@ int server_init(Server *s) {
         if (r < 0)
                 return r;
 
-        r = server_open_audit(s);
-        if (r < 0)
-                return r;
+        /* Unless we got *some* sockets and not audit, open audit socket */
+        if (s->audit_fd >= 0 || no_sockets) {
+                r = server_open_audit(s);
+                if (r < 0)
+                        return r;
+        }
 
         r = server_open_kernel_seqnum(s);
         if (r < 0)