audit: improve the audit messages we generate

always pass along comm, as documented by audit. Always set the correct
comm value.

diff --git a/src/core/manager.c b/src/core/manager.c
index 2eab5530166e83b32f1cd34d9413705e0634deca..ef1e3eac5fba78e20d3f5127b3bb4c3098689e5d 100644 (file)
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2066,6 +2066,7 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 
 #ifdef HAVE_AUDIT
         _cleanup_free_ char *p = NULL;
+        const char *msg;
         int audit_fd;
 
         audit_fd = get_audit_fd();
@@ -2085,17 +2086,18 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 
         p = unit_name_to_prefix_and_instance(u->id);
         if (!p) {
-                log_error_unit(u->id,
-                               "Failed to allocate unit name for audit message: %s", strerror(ENOMEM));
+                log_oom();
                 return;
         }
 
-        if (audit_log_user_comm_message(audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) {
-                if (errno == EPERM) {
+        msg = strappenda("unit=", p);
+
+        if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
+                if (errno == EPERM)
                         /* We aren't allowed to send audit messages?
                          * Then let's not retry again. */
                         close_audit_fd();
-                } else
+                else
                         log_warning("Failed to send audit message: %m");
         }
 #endif

diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
index 31cae709509daf42edda515966654e034ee9db95..311d686a8cc3e654cca5271985ba5eea355909ce 100644 (file)
--- a/src/update-utmp/update-utmp.c
+++ b/src/update-utmp/update-utmp.c
@@ -131,7 +131,7 @@ static int on_reboot(Context *c) {
 
 #ifdef HAVE_AUDIT
         if (c->audit_fd >= 0)
-                if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "init", NULL, NULL, NULL, 1) < 0 &&
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
                     errno != EPERM) {
                         log_error("Failed to send audit message: %m");
                         r = -errno;
@@ -161,7 +161,7 @@ static int on_shutdown(Context *c) {
 
 #ifdef HAVE_AUDIT
         if (c->audit_fd >= 0)
-                if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "init", NULL, NULL, NULL, 1) < 0 &&
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
                     errno != EPERM) {
                         log_error("Failed to send audit message: %m");
                         r = -errno;
@@ -215,7 +215,7 @@ static int on_runlevel(Context *c) {
                              runlevel > 0 ? runlevel : 'N') < 0)
                         return log_oom();
 
-                if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, NULL, NULL, NULL, 1) < 0 &&
+                if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
                     errno != EPERM) {
                         log_error("Failed to send audit message: %m");
                         r = -errno;