From a04fa92ef5cca95a60e4e9e09a31300257b90259 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 28 Sep 2016 18:26:25 +0200
Subject: [PATCH] audit: disable if cannot create NETLINK_AUDIT socket

---
 src/basic/audit-util.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
index 7c6f890cb..2b5578394 100644
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -93,8 +93,11 @@ bool use_audit(void) {
                 int fd;
 
                 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                 else {
                         cached_use = true;
                         safe_close(fd);
-- 
2.30.2