diff options
| author | Gary Tierney <gary.tierney@gmx.com> | 2017-05-02 21:05:32 +0100 |
|---|---|---|
| committer | Gary Tierney <gary.tierney@gmx.com> | 2017-05-12 14:43:39 +0100 |
| commit | b3fb3c01eeedd1995c74dbe30fe33f189bc828e2 (patch) | |
| tree | 452ddad92a1ad58b95a59776e91f05c4cb2f46da /src/core/audit-fd.c | |
| parent | 6d395665e5ce7b64f3de4c9550c0779843e6cc44 (diff) | |
| download | systemd-b3fb3c01eeedd1995c74dbe30fe33f189bc828e2.tar.gz | |
audit-fd: check for CAP_AUDIT_WRITE before opening an audit socket
Adds a check to audit-fd.c to ensure that CAP_AUDIT_WRITE is present in
the set of effective capabilities before opening an audit netlink
socket. This ensures that unprivileged systemd instances (MANAGER_USER)
don't try to log AVC permission checks with the audit subsystem when
CAP_AUDIT_WRITE is not present.
Diffstat (limited to 'src/core/audit-fd.c')
| -rw-r--r-- | src/core/audit-fd.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/audit-fd.c b/src/core/audit-fd.c index 76afe3fe15..a91906b626 100644 --- a/src/core/audit-fd.c +++ b/src/core/audit-fd.c @@ -27,6 +27,7 @@ #include <libaudit.h> #include <stdbool.h> +#include "capability-util.h" #include "fd-util.h" #include "log.h" #include "util.h" @@ -37,6 +38,13 @@ static int audit_fd; int get_audit_fd(void) { if (!initialized) { + if (have_effective_cap(CAP_AUDIT_WRITE) == 0) { + audit_fd = -EPERM; + initialized = true; + + return audit_fd; + } + audit_fd = audit_open(); if (audit_fd < 0) { |