build: make libaudit dep dlopen()
@@ -1187,6 +1187,7 @@ conf.set10('HAVE_ACL', libacl.found())
|
||||
libaudit = dependency('audit',
|
||||
required : get_option('audit'))
|
||||
conf.set10('HAVE_AUDIT', libaudit.found())
|
||||
libaudit_cflags = libaudit.partial_dependency(includes: true, compile_args: true)
|
||||
|
||||
libblkid = dependency('blkid',
|
||||
required : get_option('blkid'))
|
||||
|
||||
@@ -3417,7 +3417,7 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
|
||||
}
|
||||
|
||||
msg = strjoina("unit=", p);
|
||||
if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
|
||||
if (sym_audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
|
||||
if (ERRNO_IS_PRIVILEGE(errno)) {
|
||||
/* We aren't allowed to send audit messages? Then let's not retry again. */
|
||||
log_debug_errno(errno, "Failed to send audit message, closing audit socket: %m");
|
||||
|
||||
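Review bot: The new call through `sym_audit_log_user_comm_message` relies on `dlopen_libaudit()` having succeeded earlier, and nothing visible in this hunk establishes that; the pointer is initialised to NULL, so reaching the call without a loaded library would be a NULL function call rather than an error return. Presumably a non-negative `audit_fd` can only come from `open_audit_fd_or_warn()`, which loads the library first; I would record that above the call with `/* audit_fd >= 0 implies dlopen_libaudit() succeeded, so the sym_audit_*() pointers are set */`. The same invariant is needed in the `log_callback()` and `log_audit_accounts()` hunks, where any fd check is outside the visible lines, while `on_reboot()` and `on_shutdown()` show their `c->audit_fd >= 0` test. The body of manager_send_unit_audit() starts and ends outside this hunk.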
@@ -132,7 +132,7 @@ libcore_static = static_library(
|
||||
implicit_include_directories : false,
|
||||
c_args : ['-fvisibility=default'],
|
||||
dependencies : [libacl,
|
||||
libaudit,
|
||||
libaudit_cflags,
|
||||
libblkid,
|
||||
libdl,
|
||||
libm,
|
||||
|
||||
@@ -121,9 +121,9 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
|
||||
|
||||
if (r >= 0) {
|
||||
if (type == SELINUX_AVC)
|
||||
audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid());
|
||||
sym_audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid());
|
||||
else if (type == SELINUX_ERROR)
|
||||
audit_log_user_avc_message(fd, AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, getuid());
|
||||
sym_audit_log_user_avc_message(fd, AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, getuid());
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -11,6 +11,33 @@
|
||||
#include "log.h"
|
||||
#include "socket-util.h"
|
||||
|
||||
#if HAVE_AUDIT
|
||||
static void *libaudit_dl = NULL;
|
||||
|
||||
static DLSYM_PROTOTYPE(audit_close) = NULL;
|
||||
DLSYM_PROTOTYPE(audit_log_acct_message) = NULL;
|
||||
DLSYM_PROTOTYPE(audit_log_user_avc_message) = NULL;
|
||||
DLSYM_PROTOTYPE(audit_log_user_comm_message) = NULL;
|
||||
static DLSYM_PROTOTYPE(audit_open) = NULL;
|
||||
|
||||
int dlopen_libaudit(void) {
|
||||
ELF_NOTE_DLOPEN("libaudit",
|
||||
"Support for Audit loggging",
|
||||
ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED,
|
||||
"libaudit.so.1");
|
||||
|
||||
return dlopen_many_sym_or_warn(
|
||||
&libaudit_dl,
|
||||
"libaudit.so.1",
|
||||
LOG_DEBUG,
|
||||
DLSYM_ARG(audit_close),
|
||||
DLSYM_ARG(audit_log_acct_message),
|
||||
DLSYM_ARG(audit_log_user_avc_message),
|
||||
DLSYM_ARG(audit_log_user_comm_message),
|
||||
DLSYM_ARG(audit_open));
|
||||
}
|
||||
#endif
|
||||
|
||||
static int try_audit_request(int fd) {
|
||||
struct iovec iov;
|
||||
struct msghdr mh;
|
||||
@@ -56,6 +83,9 @@ bool use_audit(void) {
|
||||
if (cached_use >= 0)
|
||||
return cached_use;
|
||||
|
||||
if (dlopen_libaudit() < 0)
|
||||
return (cached_use = false);
|
||||
|
||||
_cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
|
||||
if (fd < 0) {
|
||||
cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
|
||||
@@ -87,7 +117,7 @@ bool use_audit(void) {
|
||||
int close_audit_fd(int fd) {
|
||||
#if HAVE_AUDIT
|
||||
if (fd >= 0)
|
||||
audit_close(fd);
|
||||
sym_audit_close(fd);
|
||||
#else
|
||||
assert(fd < 0);
|
||||
#endif
|
||||
@@ -96,8 +126,14 @@ int close_audit_fd(int fd) {
|
||||
|
||||
int open_audit_fd_or_warn(void) {
|
||||
#if HAVE_AUDIT
|
||||
int r;
|
||||
|
||||
r = dlopen_libaudit();
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* If the kernel lacks netlink or audit support, don't worry about it. */
|
||||
int fd = audit_open();
|
||||
int fd = sym_audit_open();
|
||||
if (fd < 0)
|
||||
return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
|
||||
errno, "Failed to connect to audit log, ignoring: %m");
|
||||
|
||||
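Review bot: In `open_audit_fd_or_warn()` the new `if (r < 0) return r;` path has no message of its own, and `dlopen_libaudit()` passes `LOG_DEBUG` to the loader, so a build with audit enabled that runs without `libaudit.so.1` drops audit records with nothing visible at the default log level, despite the `_or_warn` name. If that is intended, say so in a comment at the early return; otherwise log there, for example `return log_warning_errno(r, "Failed to load libaudit, not sending audit records: %m");`. `use_audit()` has the same silent path through `return (cached_use = false);`. Separately, the ELF note text has a typo: `"Support for Audit loggging",` should read `"Support for Audit logging",`. Both function bodies continue outside their hunks.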
@@ -1,11 +1,19 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#include "forward.h"
|
||||
|
||||
#if HAVE_AUDIT
|
||||
# include <libaudit.h> /* IWYU pragma: export */
|
||||
#endif
|
||||
|
||||
#include "forward.h"
|
||||
# include "dlfcn-util.h"
|
||||
|
||||
extern DLSYM_PROTOTYPE(audit_log_acct_message);
|
||||
extern DLSYM_PROTOTYPE(audit_log_user_avc_message);
|
||||
extern DLSYM_PROTOTYPE(audit_log_user_comm_message);
|
||||
|
||||
int dlopen_libaudit(void);
|
||||
#endif
|
||||
|
||||
bool use_audit(void);
|
||||
|
||||
|
||||
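Review bot: `int dlopen_libaudit(void);` sits inside the `#if HAVE_AUDIT` block here, and its definition is guarded the same way, but the `use_audit()` hunk calls `dlopen_libaudit()` with no `#if` in the visible context. Unless `use_audit()` is compiled only when audit is enabled, which these lines do not show, a build with audit disabled would fail on an undeclared function. Moving the prototype below the `#endif` and giving the definition an `#else` branch with `return -EOPNOTSUPP;` would keep both configurations building.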
@@ -312,7 +312,7 @@ libshared_name = 'systemd-shared-@0@'.format(shared_lib_tag)
|
||||
|
||||
libshared_deps = [threads,
|
||||
libacl,
|
||||
libaudit,
|
||||
libaudit_cflags,
|
||||
libblkid,
|
||||
libcap,
|
||||
libcrypt,
|
||||
|
||||
@@ -9,7 +9,7 @@ executables += [
|
||||
'name' : 'systemd-sysusers',
|
||||
'public' : true,
|
||||
'sources' : files('sysusers.c'),
|
||||
'dependencies' : libaudit,
|
||||
'dependencies' : libaudit_cflags,
|
||||
},
|
||||
executable_template + {
|
||||
'name' : 'systemd-sysusers.standalone',
|
||||
@@ -22,6 +22,6 @@ executables += [
|
||||
libshared_static,
|
||||
libsystemd_static,
|
||||
],
|
||||
'dependencies' : libaudit,
|
||||
'dependencies' : libaudit_cflags,
|
||||
},
|
||||
]
|
||||
|
||||
@@ -202,7 +202,7 @@ static void log_audit_accounts(Context *c, ItemType what) {
|
||||
*/
|
||||
|
||||
ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids)
|
||||
audit_log_acct_message(
|
||||
sym_audit_log_acct_message(
|
||||
c->audit_fd,
|
||||
type,
|
||||
program_invocation_short_name,
|
||||
|
||||
@@ -8,6 +8,7 @@
|
||||
#include "gcrypt-util.h"
|
||||
#include "idn-util.h"
|
||||
#include "libarchive-util.h"
|
||||
#include "libaudit-util.h"
|
||||
#include "libfido2-util.h"
|
||||
#include "main-func.h"
|
||||
#include "module-util.h"
|
||||
@@ -48,6 +49,7 @@ static int run(int argc, char **argv) {
|
||||
ASSERT_DLOPEN(dlopen_gcrypt, HAVE_GCRYPT);
|
||||
ASSERT_DLOPEN(dlopen_libkmod, HAVE_KMOD);
|
||||
ASSERT_DLOPEN(dlopen_libapparmor, HAVE_APPARMOR);
|
||||
ASSERT_DLOPEN(dlopen_libaudit, HAVE_AUDIT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -5,6 +5,6 @@ executables += [
|
||||
'name' : 'systemd-update-utmp',
|
||||
'conditions' : ['ENABLE_UTMP'],
|
||||
'sources' : files('update-utmp.c'),
|
||||
'dependencies' : libaudit,
|
||||
'dependencies' : libaudit_cflags,
|
||||
},
|
||||
]
|
||||
|
||||
@@ -60,7 +60,7 @@ static int on_reboot(int argc, char *argv[], void *userdata) {
|
||||
|
||||
#if HAVE_AUDIT
|
||||
if (c->audit_fd >= 0)
|
||||
if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
|
||||
if (sym_audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
|
||||
errno != EPERM)
|
||||
q = log_error_errno(errno, "Failed to send audit message: %m");
|
||||
#endif
|
||||
@@ -89,7 +89,7 @@ static int on_shutdown(int argc, char *argv[], void *userdata) {
|
||||
Context *c = ASSERT_PTR(userdata);
|
||||
|
||||
if (c->audit_fd >= 0)
|
||||
if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
|
||||
if (sym_audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
|
||||
errno != EPERM)
|
||||
q = log_error_errno(errno, "Failed to send audit message: %m");
|
||||
#endif
|
||||
|
||||