author | Thomas Haller <thaller@redhat.com> | 2015-08-04 13:11:36 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2015-08-04 13:44:55 +0200 |
commit | c4c0bbb28c9c75d14e2a03d713723afb8d395ccb (patch) | |
tree | 10b1a4f41a4614f6f220ca16f304a5e4757ad738 | |
parent | 1bebb918600374d4d2be2f53fb3fc62b5ea6e098 (diff) | |
download | NetworkManager-c4c0bbb28c9c75d14e2a03d713723afb8d395ccb.tar.gz |
audit-manager: enable logging.audit by default when libaudit support is available
Previously, when compiling NetworkManager with libaudit support, it
was disabled by default and only used after setting logging.audit=true.
Turn that around. If we compile NetworkManager with audit support, we also
enable it by default. The user can then explicitly disable it by
configuring logging.audit in NetworkManager.conf.
But also, add a configure option 'yes-disabled-by-default' to compile
with audit support, but have it disabled by default. This would be the
previous behavior, but it must be enabled explicitly.
Fixes: be49a59fb649d7383b456403deb323a2eb9dab4b
-rw-r--r-- | configure.ac | 20 | ||||
-rw-r--r-- | man/NetworkManager.conf.xml.in | 2 | ||||
-rw-r--r-- | src/nm-audit-manager.c | 3 |
3 files changed, 18 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac
index ed973998e6..5c0d487961 100644
--- a/configure.ac
+++ b/configure.ac
@@ -495,20 +495,30 @@ else
 fi
 
 # libaudit support
-AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=yes|no|auto], [Build with audit daemon support (default: auto)]),,[with_libaudit=auto])
-if test "$with_libaudit" = "yes" -o "$with_libaudit" = "auto"; then
+AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=yes|yes-disabled-by-default|no|auto], [Build with audit daemon support (default: auto). yes-disabled-by-default enables support, but disables it unless explicitly configured via NetworkManager.conf]),,[with_libaudit=auto])
+if test "$with_libaudit" = "yes" -o test "$with_libaudit" = "yes-disabled-by-default"-o "$with_libaudit" = "auto"; then
 PKG_CHECK_MODULES(LIBAUDIT, audit, [have_libaudit=yes], [have_libaudit=no])
+ if test "$with_libaudit" != "auto" -a "$have_libaudit" = "no"; then
+ AC_MSG_ERROR([You must have libaudit installed to build --with-libaudit=$with_libaudit.])
+ fi
 else
 have_libaudit=no
 fi
-if test "$with_libaudit" = "yes" -a "$have_libaudit" = "no"; then
- AC_MSG_ERROR([You must have libaudit installed to build --with-libaudit=yes.])
-fi
 if test "$have_libaudit" = "yes"; then
 AC_DEFINE(HAVE_LIBAUDIT, 1, [Define if you have libaudit support])
+ if test "$with_libaudit" = "yes-disabled-by-default"; then
+ AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, FALSE, [The default value of the logging.audit configuration option])
+ NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='false'
+ else
+ AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, TRUE, [The default value of the logging.audit configuration option])
+ NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='true'
+ fi
 else
 AC_DEFINE(HAVE_LIBAUDIT, 0, [Define if you have libaudit support])
+ AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, FALSE, [The default value of the logging.audit configuration option])
+ NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='false'
 fi
+AC_SUBST(NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT)
 
 # libnl support for the linux platform
 PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0)
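Review bot: The rewritten `if test` condition that guards `PKG_CHECK_MODULES(LIBAUDIT, ...)` is malformed: a stray `test` word follows the first `-o`, and there is no space between `"yes-disabled-by-default"` and the next `-o`, so the shell passes `test` an expression that most implementations reject with a non-zero status. Because the `AC_MSG_ERROR` check was moved inside the `then` branch, that failure falls through to `have_libaudit=no`, and a build requested with `--with-libaudit=yes` would presumably configure without audit support and without stopping. The line should read `if test "$with_libaudit" = "yes" -o "$with_libaudit" = "yes-disabled-by-default" -o "$with_libaudit" = "auto"; then`. Separately, any value other than the four documented ones is silently treated as `no`; rejecting unknown values with `AC_MSG_ERROR` would keep a typo from quietly disabling audit logging.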
diff --git a/man/NetworkManager.conf.xml.in b/man/NetworkManager.conf.xml.in index 30faab4d54..890dcce02d 100644 --- a/man/NetworkManager.conf.xml.in +++ b/man/NetworkManager.conf.xml.in @@ -491,7 +491,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth auditd, the audit daemon. If <literal>false</literal>, audit records will be sent only to the NetworkManager logging system. If set to <literal>true</literal>, they will be also - sent to auditd. The default value is <literal>false</literal>. + sent to auditd. The default value is <literal>@NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT@</literal>. </para></listitem> </varlistentry> </variablelist> diff --git a/src/nm-audit-manager.c b/src/nm-audit-manager.c index 22ebf3b054..bc870128b7 100644 --- a/src/nm-audit-manager.c +++ b/src/nm-audit-manager.c @@ -290,7 +290,8 @@ init_auditd (NMAuditManager *self) NMConfigData *data = nm_config_get_data (priv->config); if (nm_config_data_get_value_boolean (data, NM_CONFIG_KEYFILE_GROUP_LOGGING, - NM_CONFIG_KEYFILE_KEY_AUDIT, FALSE)) { + NM_CONFIG_KEYFILE_KEY_AUDIT, + NM_CONFIG_DEFAULT_LOGGING_AUDIT)) { if (priv->auditd_fd < 0) { priv->auditd_fd = audit_open (); if (priv->auditd_fd < 0) { |
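Review bot: In the `src/nm-audit-manager.c` hunk, the fallback passed to `nm_config_data_get_value_boolean ()` is now `NM_CONFIG_DEFAULT_LOGGING_AUDIT`, so the `audit_open ()` call and its `priv->auditd_fd < 0` failure branch run on every host built with libaudit that never sets logging.audit, not only on hosts that opted in. The handling of that failure lies outside the hunk (the body of `init_auditd` continues past it), so it is worth confirming that it reports the problem once, at a level an operator will notice, since audit records would otherwise appear enabled while never reaching auditd. A short comment above the call, such as `/* default is chosen at configure time via --with-libaudit */`, would also tell a reader of this file where the value comes from.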