audit: disable if cannot create NETLINK_AUDIT socket

author Giuseppe Scrivano <gscrivan@redhat.com>

Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)

committer Giuseppe Scrivano <gscrivan@redhat.com>

Thu, 6 Oct 2016 09:49:00 +0000 (11:49 +0200)
author Giuseppe Scrivano <gscrivan@redhat.com>
Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)
committer Giuseppe Scrivano <gscrivan@redhat.com>
Thu, 6 Oct 2016 09:49:00 +0000 (11:49 +0200)
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c

index 5741fecdd67edbc7bb8aee0045cee804e415c000..d1c969597373b8e98283ada344907a627d85de12 100644 (file)
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -92,8 +92,11 @@ bool use_audit(void) {
                  int fd;
  
                  fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                  else {
                          cached_use = true;
                          safe_close(fd);
author	Giuseppe Scrivano <gscrivan@redhat.com>
	Wed, 28 Sep 2016 16:26:25 +0000 (18:26 +0200)
committer	Giuseppe Scrivano <gscrivan@redhat.com>
	Thu, 6 Oct 2016 09:49:00 +0000 (11:49 +0200)