@@ -438,6 +438,51 @@ void server_process_audit_message(
438438 process_audit_string (s , nl -> nlmsg_type , NLMSG_DATA (nl ), nl -> nlmsg_len - ALIGN (sizeof (struct nlmsghdr )), tv );
439439}
440440
441+ static int enable_audit (int fd , bool b ) {
442+ struct {
443+ union {
444+ struct nlmsghdr header ;
445+ uint8_t header_space [NLMSG_HDRLEN ];
446+ };
447+ struct audit_status body ;
448+ } _packed_ request = {
449+ .header .nlmsg_len = NLMSG_LENGTH (sizeof (struct audit_status )),
450+ .header .nlmsg_type = AUDIT_SET ,
451+ .header .nlmsg_flags = NLM_F_REQUEST ,
452+ .header .nlmsg_seq = 1 ,
453+ .header .nlmsg_pid = 0 ,
454+ .body .mask = AUDIT_STATUS_ENABLED ,
455+ .body .enabled = b ,
456+ };
457+ union sockaddr_union sa = {
458+ .nl .nl_family = AF_NETLINK ,
459+ .nl .nl_pid = 0 ,
460+ };
461+ struct iovec iovec = {
462+ .iov_base = & request ,
463+ .iov_len = NLMSG_LENGTH (sizeof (struct audit_status )),
464+ };
465+ struct msghdr mh = {
466+ .msg_iov = & iovec ,
467+ .msg_iovlen = 1 ,
468+ .msg_name = & sa .sa ,
469+ .msg_namelen = sizeof (sa .nl ),
470+ };
471+
472+ ssize_t n ;
473+
474+ n = sendmsg (fd , & mh , MSG_NOSIGNAL );
475+ if (n < 0 )
476+ return - errno ;
477+ if (n != NLMSG_LENGTH (sizeof (struct audit_status )))
478+ return - EIO ;
479+
480+ /* We don't wait for the result here, we can't do anything
481+ * about it anyway */
482+
483+ return 0 ;
484+ }
485+
441486int server_open_audit (Server * s ) {
442487 static const int one = 1 ;
443488 int r ;
@@ -479,5 +524,10 @@ int server_open_audit(Server *s) {
479524 return r ;
480525 }
481526
527+ /* We are listening now, try to enable audit */
528+ r = enable_audit (s -> audit_fd , true);
529+ if (r < 0 )
530+ log_warning ("Failed to issue audit enable call: %s" , strerror (- r ));
531+
482532 return 0 ;
483533}
0 commit comments