* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.

Don't do anything if audit_fd is invalid.
	(audit_init): Don't complain if kernel support is missing.
	Patch by Steve Grubb <sgrubb@redhat.com>.
Ulrich Drepper 2005-12-29 01:09:00 +00:00
parent fec5592dbe
commit 62a8cefb90
2 changed files with 31 additions and 6 deletions


@ -5,6 +5,11 @@
2005-12-28 Ulrich Drepper <drepper@redhat.com>
* nscd/selinux.c (log_callback): Use audit_log_user_avc_message.
Don't do anything if audit_fd is invalid.
(audit_init): Don't complain if kernel support is missing.
Patch by Steve Grubb <sgrubb@redhat.com>.
* sysdeps/i386/__longjmp.S [PTR_DEMANGLE]: Also demangle stack
pointer. Add CFI.
* sysdeps/i386/bsd-_setjmp.S [PTR_MANGLE]: Also mangle stack pointer.


@ -27,6 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>
#include <selinux/av_permissions.h>
#include <selinux/avc.h>
#include <selinux/flask.h>
@ -114,11 +115,28 @@ static int audit_fd = -1;
static void
log_callback (const char *fmt, ...)
{
if (audit_fd >= 0)
{
va_list ap;
va_start (ap, fmt);
audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
char *buf;
int e = vasprintf (&buf, fmt, ap);
if (e < 0)
{
buf = alloca (BUFSIZ);
vsnprintf (buf, BUFSIZ, fmt, ap);
}
/* FIXME: need to attribute this to real user, using getuid for now */
audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
NULL, getuid ());
if (e >= 0)
free (buf);
va_end (ap);
}
}
/* Initialize the connection to the audit system */
@ -126,7 +144,9 @@ static void
audit_init (void)
{
audit_fd = audit_open ();
if (audit_fd < 0)
if (audit_fd < 0
/* If kernel doesn't support audit, bail out */
&& errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
dbg_log (_("Failed opening connection to the audit subsystem"));
}
#endif /* HAVE_LIBAUDIT */
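Review bot: In log_callback, the fallback taken when vasprintf fails passes the same `ap` to vsnprintf, but vasprintf has already consumed it, so its value is indeterminate and the second use is undefined behaviour. Restart the argument list before the retry, e.g. `va_end (ap); va_start (ap, fmt);` immediately ahead of the `vsnprintf (buf, BUFSIZ, fmt, ap);` line, or take a `va_copy` before calling vasprintf. This matters for the audit trail because the fallback runs exactly in the low-memory case, where an AVC denial record could be garbled or lost instead of logged. The fallback also truncates silently at BUFSIZ, which deserves a short comment so a reader of the audit log knows a record may be cut.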