mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-27 03:41:23 +08:00
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
Don't do anything if audit_fd is invalid. (audit_init): Don't complain if kernel support is missing. Patch by Steve Grubb <sgrubb@redhat.com>.
This commit is contained in:
parent
fec5592dbe
commit
62a8cefb90
@ -5,6 +5,11 @@
|
||||
|
||||
2005-12-28 Ulrich Drepper <drepper@redhat.com>
|
||||
|
||||
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
|
||||
Don't do anything if audit_fd is invalid.
|
||||
(audit_init): Don't complain if kernel support is missing.
|
||||
Patch by Steve Grubb <sgrubb@redhat.com>.
|
||||
|
||||
* sysdeps/i386/__longjmp.S [PTR_DEMANGLE]: Also demangle stack
|
||||
pointer. Add CFI.
|
||||
* sysdeps/i386/bsd-_setjmp.S [PTR_MANGLE]: Also mangle stack pointer.
|
||||
|
@ -27,6 +27,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#include <selinux/av_permissions.h>
|
||||
#include <selinux/avc.h>
|
||||
#include <selinux/flask.h>
|
||||
@ -114,11 +115,28 @@ static int audit_fd = -1;
|
||||
static void
|
||||
log_callback (const char *fmt, ...)
|
||||
{
|
||||
if (audit_fd >= 0)
|
||||
{
|
||||
va_list ap;
|
||||
|
||||
va_start (ap, fmt);
|
||||
audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
|
||||
|
||||
char *buf;
|
||||
int e = vasprintf (&buf, fmt, ap);
|
||||
if (e < 0)
|
||||
{
|
||||
buf = alloca (BUFSIZ);
|
||||
vsnprintf (buf, BUFSIZ, fmt, ap);
|
||||
}
|
||||
|
||||
/* FIXME: need to attribute this to real user, using getuid for now */
|
||||
audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
||||
NULL, getuid ());
|
||||
|
||||
if (e >= 0)
|
||||
free (buf);
|
||||
|
||||
va_end (ap);
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialize the connection to the audit system */
|
||||
@ -126,7 +144,9 @@ static void
|
||||
audit_init (void)
|
||||
{
|
||||
audit_fd = audit_open ();
|
||||
if (audit_fd < 0)
|
||||
if (audit_fd < 0
|
||||
/* If kernel doesn't support audit, bail out */
|
||||
&& errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
|
||||
dbg_log (_("Failed opening connection to the audit subsystem"));
|
||||
}
|
||||
#endif /* HAVE_LIBAUDIT */
|
||||
|
Loading…
Reference in New Issue
Block a user