projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6d39566) | patch
audit-fd: check for CAP_AUDIT_WRITE before opening an audit socket
authorGary Tierney <gary.tierney@gmx.com>
Tue, 2 May 2017 20:05:32 +0000 (21:05 +0100)
committerGary Tierney <gary.tierney@gmx.com>
Fri, 12 May 2017 13:43:39 +0000 (14:43 +0100)
commitb3fb3c01eeedd1995c74dbe30fe33f189bc828e2
tree452ddad92a1ad58b95a59776e91f05c4cb2f46datree | snapshot
parent6d395665e5ce7b64f3de4c9550c0779843e6cc44commit | diff
audit-fd: check for CAP_AUDIT_WRITE before opening an audit socket

Adds a check to audit-fd.c to ensure that CAP_AUDIT_WRITE is present in
the set of effective capabilities before opening an audit netlink
socket.  This ensures that unprivileged systemd instances (MANAGER_USER)
don't try to log AVC permission checks with the audit subsystem when
CAP_AUDIT_WRITE is not present.
src/core/audit-fd.c diff | blob | history
Domain: System / System Framework;