2005-12-28 Ulrich Drepper <drepper@redhat.com>
+ * nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
+ Don't do anything if audit_fd is invalid.
+ (audit_init): Don't complain if kernel support is missing.
+ Patch by Steve Grubb <sgrubb@redhat.com>.
+
* sysdeps/i386/__longjmp.S [PTR_DEMANGLE]: Also demangle stack
pointer. Add CFI.
* sysdeps/i386/bsd-_setjmp.S [PTR_MANGLE]: Also mangle stack pointer.
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
+#include <unistd.h>
#include <selinux/av_permissions.h>
#include <selinux/avc.h>
#include <selinux/flask.h>
static void
log_callback (const char *fmt, ...)
{
- va_list ap;
+ if (audit_fd >= 0)
+ {
+ va_list ap;
+ va_start (ap, fmt);
+
+ char *buf;
+ int e = vasprintf (&buf, fmt, ap);
+ if (e < 0)
+ {
+ buf = alloca (BUFSIZ);
+ vsnprintf (buf, BUFSIZ, fmt, ap);
+ }
+
+ /* FIXME: need to attribute this to real user, using getuid for now */
+ audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, getuid ());
- va_start (ap, fmt);
- audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
- va_end (ap);
+ if (e >= 0)
+ free (buf);
+
+ va_end (ap);
+ }
}
/* Initialize the connection to the audit system */
audit_init (void)
{
audit_fd = audit_open ();
- if (audit_fd < 0)
- dbg_log (_("Failed opening connection to the audit subsystem"));
+ if (audit_fd < 0
+ /* If kernel doesn't support audit, bail out */
+ && errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+ dbg_log (_("Failed opening connection to the audit subsystem"));
}
#endif /* HAVE_LIBAUDIT */
projects / platform / upstream / glibc.git / commitdiff