* configure.in: Add test for availability of libaudit.

* config.h.in: Define HAVE_LIBAUDIT. * config.make.in: Define have-libaudit. * nscd/Makefile: If libaudit is available, link nscd with it. * nscd/selinux.c: If HAVE_LIBAUDIT is defined, log using libaudit. Patch by Steve Grubb <sgrubb@redhat.com>.
21 years ago · ec23b9bece
6 changed files with 67 additions and 1 deletions
--- a/7
+++ b/7
@ -1,5 +1,12 @@
 2005-06-14  Ulrich Drepper  <drepper@redhat.com>

+	* configure.in: Add test for availability of libaudit.
+	* config.h.in: Define HAVE_LIBAUDIT.
+	* config.make.in: Define have-libaudit.
+	* nscd/Makefile: If libaudit is available, link nscd with it.
+	* nscd/selinux.c: If HAVE_LIBAUDIT is defined, log using libaudit.
+	Patch by Steve Grubb <sgrubb@redhat.com>.
+
 	* debug/pread64_chk.c: Use __libc_pread64 instead of __pread64.
 	* sysdeps/posix/posix_fallocate64.c: Likewise.
 	* include/string.h: Use libc_hidden_proto for strnlen.
--- a/config.h.in
+++ b/config.h.in
@ -21,6 +21,9 @@
 /* Define if building with SELinux support.  Set by --with-selinux.  */
 #undef	HAVE_SELINUX

+/* Defined if building with SELinux support & audit libs are detected. */
+#undef	HAVE_LIBAUDIT
+
 /* Define if using XCOFF. Set by --with-xcoff.  */
 #undef	HAVE_XCOFF

--- a/config.make.in
+++ b/config.make.in
@ -59,6 +59,7 @@ enable-check-abi = @enable_check_abi@
 have-forced-unwind = @libc_cv_forced_unwind@
 have-fpie = @libc_cv_fpie@
 have-selinux = @have_selinux@
+have-libaudit = @have_libaudit@
 have-cc-with-libunwind = @libc_cv_cc_with_libunwind@
 fno-unit-at-a-time = @fno_unit_at_a_time@
 bind-now = @bindnow@
--- a/configure.in
+++ b/configure.in
@ -1938,6 +1938,14 @@ fi
 # Check if we're building with SELinux support.
 if test "x$have_selinux" = xyes; then
  AC_DEFINE(HAVE_SELINUX,1,[SELinux support])
+
+  # See if we have the libaudit library
+  AC_CHECK_LIB(audit, audit_log_avc,
+              have_libaudit=yes, have_libaudit=no)
+  if test "x$have_libaudit" = xyes; then
+    AC_DEFINE(HAVE_LIBAUDIT,1,[SELinux libaudit support])
+  fi
+  AC_SUBST(have_libaudit)
 fi
 AC_SUBST(have_selinux)

--- a/nscd/Makefile
+++ b/nscd/Makefile
@ -53,8 +53,12 @@ endif

 all-nscd-modules := $(nscd-modules) selinux
 ifeq (yes,$(have-selinux))
+ifeq (yes,$(have-libaudit))
+libaudit = -laudit
+endif
+
 nscd-modules += selinux
-selinux-LIBS := -lselinux
+selinux-LIBS := -lselinux $(libaudit)
 endif

 LDLIBS-nscd = $(selinux-LIBS)
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@ -18,6 +18,7 @@
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

+#include "config.h"
 #include <error.h>
 #include <errno.h>
 #include <libintl.h>
@ -30,6 +31,9 @@
 #include <selinux/avc.h>
 #include <selinux/flask.h>
 #include <selinux/selinux.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif

 #include "dbg_log.h"
 #include "selinux.h"
@ -66,6 +70,11 @@ static struct avc_entry_ref aeref;
 /* Thread to listen for SELinux status changes via netlink.  */
 static pthread_t avc_notify_thread;

+#ifdef HAVE_LIBAUDIT
+/* Prototype for supporting the audit daemon */
+static void log_callback (const char *fmt, ...);
+#endif
+
 /* Prototypes for AVC callback functions.  */
 static void *avc_create_thread (void (*run) (void));
 static void avc_stop_thread (void *thread);
@ -77,7 +86,11 @@ static void avc_free_lock (void *lock);
 /* AVC callback structures for use in avc_init.  */
 static const struct avc_log_callback log_cb =
 {
+#ifdef HAVE_LIBAUDIT
+  .func_log = log_callback,
+#else
  .func_log = dbg_log,
+#endif
  .func_audit = NULL
 };
 static const struct avc_thread_callback thread_cb =
@ -93,6 +106,30 @@ static const struct avc_lock_callback lock_cb =
  .func_free_lock = avc_free_lock
 };

+#ifdef HAVE_LIBAUDIT
+/* The audit system's netlink socket descriptor */
+static int audit_fd = -1;
+
+/* When an avc denial occurs, log it to audit system */
+static void 
+log_callback (const char *fmt, ...)
+{
+  va_list ap;
+
+  va_start (ap, fmt);
+  audit_log_avc (audit_fd, AUDIT_USER_AVC, fmt, ap);
+  va_end (ap);
+}
+
+/* Initialize the connection to the audit system */
+static void 
+audit_init (void)
+{
+  audit_fd = audit_open ();
+  if (audit_fd < 0)
+     dbg_log (_("Failed opening connection to the audit subsystem"));
+}
+#endif /* HAVE_LIBAUDIT */

 /* Determine if we are running on an SELinux kernel. Set selinux_enabled
   to the result.  */
@ -182,6 +219,9 @@ nscd_avc_init (void)
    error (EXIT_FAILURE, errno, _("Failed to start AVC"));
  else
    dbg_log (_("Access Vector Cache (AVC) started"));
+#ifdef HAVE_LIBAUDIT
+  audit_init ();
+#endif
 }


@ -262,6 +302,9 @@ void
 nscd_avc_destroy (void)
 {
  avc_destroy ();
+#ifdef HAVE_LIBAUDIT
+  audit_close (audit_fd);
+#endif
 }

 #endif /* HAVE_SELINUX */