core: introduce ConditionSecurity=audit

And conditionalize journald audit support with it
author: Lennart Poettering <lennart@poettering.net> 2014-11-03 21:09:38 +0100
committer: Lennart Poettering <lennart@poettering.net> 2014-11-03 21:51:28 +0100
commit: cfb1f5df7ce6868d3edb7333591b91c9809d64d3 (patch)
tree: 44a3419d44887d8e5d046a1c54c69e624c0a5d42 /src/shared
parent: 875c2e220e2611165e09051c4747971811f1de58 (diff)
2 files changed, 20 insertions, 0 deletions
diff --git a/src/shared/audit.c b/src/shared/audit.c
index f10105082..4701c0a8d 100644
--- a/src/shared/audit.c
+++ b/src/shared/audit.c
@@ -80,3 +80,21 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
         *uid = (uid_t) u;
         return 0;
 }
+
+bool use_audit(void) {
+        static int cached_use = -1;
+
+        if (cached_use < 0) {
+                int fd;
+
+                fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
+                if (fd < 0)
+                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                else {
+                        cached_use = true;
+                        safe_close(fd);
+                }
+        }
+
+        return cached_use;
+}
diff --git a/src/shared/audit.h b/src/shared/audit.h
index 0effc0baa..b4aecffb3 100644
--- a/src/shared/audit.h
+++ b/src/shared/audit.h
@@ -27,3 +27,5 @@
 
 int audit_session_from_pid(pid_t pid, uint32_t *id);
 int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
+
+bool use_audit(void);
author	Lennart Poettering <lennart@poettering.net>	2014-11-03 21:09:38 +0100
committer	Lennart Poettering <lennart@poettering.net>	2014-11-03 21:51:28 +0100
commit	cfb1f5df7ce6868d3edb7333591b91c9809d64d3 (patch)
tree	44a3419d44887d8e5d046a1c54c69e624c0a5d42 /src/shared
parent	875c2e220e2611165e09051c4747971811f1de58 (diff)