[PATCH] Have auditctl check the capability rather than the uid if we were compiled with cap-ng support. Check the euid rather than uid if we were compiled without cap-ng support
This is against the 2.2 release. I wasn't able to get HEAD to compile
(issues with mounttab.h that didn't want to run down because this is
such a small patch).
Signed-off-by: Peter Moody <pmoody(a)google.com>
---
trunk/src/Makefile.am | 2 +-
trunk/src/auditctl.c | 11 +++++++++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/trunk/src/Makefile.am b/trunk/src/Makefile.am
index d321233..e36bc9f 100644
--- a/trunk/src/Makefile.am
+++ b/trunk/src/Makefile.am
@@ -25,7 +25,7 @@ AUTOMAKE_OPTIONS = no-dependencies
SUBDIRS = test
INCLUDES = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src/libev
sbin_PROGRAMS = auditd auditctl aureport ausearch autrace
-LIBS = -Lmt -lauditmt -lpthread
+LIBS = -Lmt -lauditmt -lpthread $(CAPNG_LDADD)
AM_LDFLAGS = -pthread
AM_CFLAGS = -D_REENTRANT -D_GNU_SOURCE -pthread
noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h
ausearch-llist.h ausearch-options.h auditctl-llist.h
aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h
ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h
ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h
diff --git a/trunk/src/auditctl.c b/trunk/src/auditctl.c
index d3643fb..936a1a0 100644
--- a/trunk/src/auditctl.c
+++ b/trunk/src/auditctl.c
@@ -36,6 +36,9 @@
#include <errno.h>
#include <libgen.h> /* For basename */
#include <limits.h> /* PATH_MAX */
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
#include "libaudit.h"
#include "private.h"
@@ -1160,9 +1163,13 @@ int main(int argc, char *argv[])
return 1;
}
#ifndef DEBUG
+#ifdef HAVE_LIBCAP_NG
+ /* Make sure we have the approprirate capabilities */
+ if (capng_have_capability(CAPNG_PERMITTED, CAP_AUDIT_CONTROL) != 1) {
+#else
/* Make sure we are root */
- if (getuid() != 0) {
+ if (geteuid() != 0) {
+#endif
fprintf(stderr, "You must be root to run this program.\n");
return 4;
}
--
1.7.7.3
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038