core: do not fail in a container if we can't use setgroups

[elogind.git] / src / basic / audit-util.c

diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
index d0a061abc06530d5eec679119d55402144aadbdc..2b557839446d87d49704b9db5aa4085748dd061a 100644 (file)
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -1,5 +1,3 @@
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
 /***
   This file is part of systemd.
 
@@ -20,7 +18,9 @@
 ***/
 
 #include <errno.h>
+#include <linux/netlink.h>
 #include <stdio.h>
+#include <sys/socket.h>
 
 #include "alloc-util.h"
 #include "audit-util.h"
@@ -30,7 +30,6 @@
 #include "parse-util.h"
 #include "process-util.h"
 #include "user-util.h"
-#include "util.h"
 
 int audit_session_from_pid(pid_t pid, uint32_t *id) {
         _cleanup_free_ char *s = NULL;
@@ -94,8 +93,11 @@ bool use_audit(void) {
                 int fd;
 
                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                 else {
                         cached_use = true;
                         safe_close(fd);