audit: disable if cannot create NETLINK_AUDIT socket

author Giuseppe Scrivano <gscrivan@redhat.com>

Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)

committer Sven Eden <yamakuzure@gmx.net>

Wed, 5 Jul 2017 06:50:54 +0000 (08:50 +0200)
author Giuseppe Scrivano <gscrivan@redhat.com>
Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)
committer Sven Eden <yamakuzure@gmx.net>
Wed, 5 Jul 2017 06:50:54 +0000 (08:50 +0200)
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c

index 7c6f890cb253e9196953656ec42bae820eec0e88..2b557839446d87d49704b9db5aa4085748dd061a 100644 (file)
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -93,8 +93,11 @@ bool use_audit(void) {
                  int fd;
  
                  fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                  else {
                          cached_use = true;
                          safe_close(fd);
author	Giuseppe Scrivano <gscrivan@redhat.com>
	Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)
committer	Sven Eden <yamakuzure@gmx.net>
	Wed, 5 Jul 2017 06:50:54 +0000 (08:50 +0200)