X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Faudit.c;h=4701c0a8de856548d1eb7b8e0d31dd9304636872;hb=b5884878a2874447b2a9f07f324a7cd909d96d48;hp=e5c483ab084a91622b2f44e845cd1e13778f32d9;hpb=5430f7f2bc7330f3088b894166bf3524a067e3d8;p=elogind.git

diff --git a/src/shared/audit.c b/src/shared/audit.c
index e5c483ab0..4701c0a8d 100644
--- a/src/shared/audit.c
+++ b/src/shared/audit.c
@@ -26,93 +26,75 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <ctype.h>
-#include <sys/prctl.h>
-#include <sys/capability.h>
 
 #include "macro.h"
 #include "audit.h"
 #include "util.h"
 #include "log.h"
+#include "fileio.h"
+#include "virt.h"
 
 int audit_session_from_pid(pid_t pid, uint32_t *id) {
-        char *s;
+        _cleanup_free_ char *s = NULL;
+        const char *p;
         uint32_t u;
         int r;
 
         assert(id);
 
-        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
-                return -ENOENT;
-
-        if (pid == 0)
-                r = read_one_line_file("/proc/self/sessionid", &s);
-        else {
-                char *p;
-
-                if (asprintf(&p, "/proc/%lu/sessionid", (unsigned long) pid) < 0)
-                        return -ENOMEM;
-
-                r = read_one_line_file(p, &s);
-                free(p);
-        }
+        p = procfs_file_alloca(pid, "sessionid");
 
+        r = read_one_line_file(p, &s);
         if (r < 0)
                 return r;
 
         r = safe_atou32(s, &u);
-        free(s);
-
         if (r < 0)
                 return r;
 
         if (u == (uint32_t) -1 || u <= 0)
-                return -ENOENT;
+                return -ENXIO;
 
         *id = u;
         return 0;
 }
 
 int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
-        char *s;
+        _cleanup_free_ char *s = NULL;
+        const char *p;
         uid_t u;
         int r;
 
         assert(uid);
 
-        /* Only use audit login uid if we are executed with sufficient
-         * capabilities so that pam_loginuid could do its job. If we
-         * are lacking the CAP_AUDIT_CONTROL capabality we most likely
-         * are being run in a container and /proc/self/loginuid is
-         * useless since it probably contains a uid of the host
-         * system. */
-
-        if (have_effective_cap(CAP_AUDIT_CONTROL) <= 0)
-                return -ENOENT;
-
-        if (pid == 0)
-                r = read_one_line_file("/proc/self/loginuid", &s);
-        else {
-                char *p;
-
-                if (asprintf(&p, "/proc/%lu/loginuid", (unsigned long) pid) < 0)
-                        return -ENOMEM;
-
-                r = read_one_line_file(p, &s);
-                free(p);
-        }
+        p = procfs_file_alloca(pid, "loginuid");
 
+        r = read_one_line_file(p, &s);
         if (r < 0)
                 return r;
 
         r = parse_uid(s, &u);
-        free(s);
-
         if (r < 0)
                 return r;
 
-        if (u == (uid_t) -1)
-                return -ENOENT;
-
         *uid = (uid_t) u;
         return 0;
 }
+
+bool use_audit(void) {
+        static int cached_use = -1;
+
+        if (cached_use < 0) {
+                int fd;
+
+                fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
+                if (fd < 0)
+                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                else {
+                        cached_use = true;
+                        safe_close(fd);
+                }
+        }
+
+        return cached_use;
+}