From: Lennart Poettering
Date: Mon, 3 Nov 2014 23:47:44 +0000 (+0100)
Subject: audit: improve the audit messages we generate
X-Git-Tag: v218~579
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=0aa281df2c5f56623abddf25d6bcdb82b641aeb2;hp=0b97208d8c39131f8a7cfcfccb5c40b86af44ee5

audit: improve the audit messages we generate

always pass along comm, as documented by audit. Always set the correct comm value.
---
diff --git a/src/core/manager.c b/src/core/manager.c
index 2eab55301..ef1e3eac5 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2066,6 +2066,7 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 #ifdef HAVE_AUDIT
 _cleanup_free_ char *p = NULL;
+ const char *msg;
 int audit_fd;
 audit_fd = get_audit_fd();
@@ -2085,17 +2086,18 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
 p = unit_name_to_prefix_and_instance(u->id);
 if (!p) {
- log_error_unit(u->id,
- "Failed to allocate unit name for audit message: %s", strerror(ENOMEM));
+ log_oom();
 return;
 }
- if (audit_log_user_comm_message(audit_fd, type, "", p, NULL, NULL, NULL, success) < 0) {
- if (errno == EPERM) {
+ msg = strappenda("unit=", p);
+
+ if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
+ if (errno == EPERM)
 /* We aren't allowed to send audit messages?
 * Then let's not retry again. */
 close_audit_fd();
- } else
+ else
 log_warning("Failed to send audit message: %m");
 }
 #endif
diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c
index 31cae7095..311d686a8 100644
--- a/src/update-utmp/update-utmp.c
+++ b/src/update-utmp/update-utmp.c
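Review bot: In manager_send_unit_audit() (src/core/manager.c), `msg = strappenda("unit=", p);` embeds the unit name in the audit record text unescaped, so the record stays parseable only while `p` contains no whitespace, quotes or newlines. Unit names are presumably restricted to a safe character set by validation elsewhere, but nothing in this hunk shows it; I would state the assumption at the call, e.g. `/* p is a validated unit name: no whitespace or quotes, safe to embed as unit=<name> */`. The EPERM branch also still disables audit logging without leaving any log line, which makes a lost audit trail hard to notice later; a debug-level message there would help. The function begins and ends outside this hunk.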
@@ -131,7 +131,7 @@ static int on_reboot(Context *c) {
 #ifdef HAVE_AUDIT
 if (c->audit_fd >= 0)
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "init", NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
 errno != EPERM) {
 log_error("Failed to send audit message: %m");
 r = -errno;
@@ -161,7 +161,7 @@ static int on_shutdown(Context *c) {
 #ifdef HAVE_AUDIT
 if (c->audit_fd >= 0)
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "init", NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
 errno != EPERM) {
 log_error("Failed to send audit message: %m");
 r = -errno;
@@ -215,7 +215,7 @@ static int on_runlevel(Context *c) {
 runlevel > 0 ? runlevel : 'N') < 0)
 return log_oom();
- if (audit_log_user_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, NULL, NULL, NULL, 1) < 0 &&
+ if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_RUNLEVEL, s, "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
 errno != EPERM) {
 log_error("Failed to send audit message: %m");
 r = -errno;
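Review bot: The comm value `"systemd-update-utmp"` passed in on_reboot() is 19 characters, while the kernel's task comm holds at most 15 characters plus the terminating NUL, so kernel-generated audit records for the same process would presumably show a truncated name that does not equal this field. The same literal is repeated in the on_shutdown() and on_runlevel() hunks; a single shared constant with a comment such as `/* longer than TASK_COMM_LEN: will not equal the kernel-reported comm of this process */` would document that for anyone correlating records on comm. The SYSTEM_BOOT and SYSTEM_SHUTDOWN records also now carry an empty message where they previously carried `init`, which existing log-parsing or alerting rules may depend on, so the commit description should mention it. All three function bodies extend outside their hunks.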