audit: disable if cannot create NETLINK_AUDIT socket

2016-09-28 18:26:25 +02:00 · 2016-09-28 18:26:25 +02:00 · f006b30bd5
parent 77531863ca
commit f006b30bd5
1 changed files with 5 additions and 2 deletions
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@ -92,8 +92,11 @@ bool use_audit(void) {
                int fd;

                fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
-                if (fd < 0)
-                        cached_use = errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT;
+                if (fd < 0) {
+                        cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
+                        if (errno == EPERM)
+                                log_debug_errno(errno, "Audit access prohibited, won't talk to audit");
+                }
                else {
                        cached_use = true;
                        safe_close(fd);