aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2005-12-29 01:09:00 +0000
committerUlrich Drepper <drepper@redhat.com>2005-12-29 01:09:00 +0000
commit62a8cefb906e388937c3ddbb18222f620a07cd02 (patch)
tree885f7d5d2bee0a66cfb44f39dd4328824e4631e6
parentfec5592dbea89a6ccab1cf6c332d05d10e16d673 (diff)
downloadglibc-62a8cefb906e388937c3ddbb18222f620a07cd02.tar
glibc-62a8cefb906e388937c3ddbb18222f620a07cd02.tar.gz
glibc-62a8cefb906e388937c3ddbb18222f620a07cd02.tar.bz2
glibc-62a8cefb906e388937c3ddbb18222f620a07cd02.zip
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
Don't do anything if audit_fd is invalid. (audit_init): Don't complain if kernel support is missing. Patch by Steve Grubb <sgrubb@redhat.com>.
-rw-r--r--ChangeLog5
-rw-r--r--nscd/selinux.c32
2 files changed, 31 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index b65adbd242..d8c575ea5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@
2005-12-28 Ulrich Drepper <drepper@redhat.com>
+ * nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
+ Don't do anything if audit_fd is invalid.
+ (audit_init): Don't complain if kernel support is missing.
+ Patch by Steve Grubb <sgrubb@redhat.com>.
+
* sysdeps/i386/__longjmp.S [PTR_DEMANGLE]: Also demangle stack
pointer. Add CFI.
* sysdeps/i386/bsd-_setjmp.S [PTR_MANGLE]: Also mangle stack pointer.
diff --git a/nscd/selinux.c b/nscd/selinux.c
index 91c1442b59..f0ac3cdf9a 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -27,6 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
+#include <unistd.h>
#include <selinux/av_permissions.h>
#include <selinux/avc.h>
#include <selinux/flask.h>
@@ -114,11 +115,28 @@ static int audit_fd = -1;
static void
log_callback (const char *fmt, ...)
{
- va_list ap;
+ if (audit_fd >= 0)
+ {
+ va_list ap;
+ va_start (ap, fmt);
+
+ char *buf;
+ int e = vasprintf (&buf, fmt, ap);
+ if (e < 0)
+ {
+ buf = alloca (BUFSIZ);
+ vsnprintf (buf, BUFSIZ, fmt, ap);
+ }
+
+ /* FIXME: need to attribute this to real user, using getuid for now */
+ audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, getuid ());
- va_start (ap, fmt);
- audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
- va_end (ap);
+ if (e >= 0)
+ free (buf);
+
+ va_end (ap);
+ }
}
/* Initialize the connection to the audit system */
@@ -126,8 +144,10 @@ static void
audit_init (void)
{
audit_fd = audit_open ();
- if (audit_fd < 0)
- dbg_log (_("Failed opening connection to the audit subsystem"));
+ if (audit_fd < 0
+ /* If kernel doesn't support audit, bail out */
+ && errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+ dbg_log (_("Failed opening connection to the audit subsystem"));
}
#endif /* HAVE_LIBAUDIT */