diff options
Diffstat (limited to 'logd/main.cpp')
| -rw-r--r-- | logd/main.cpp | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/logd/main.cpp b/logd/main.cpp index 8792d3224..83ec6c0aa 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -34,6 +34,7 @@ #include "CommandListener.h" #include "LogBuffer.h" #include "LogListener.h" +#include "LogAudit.h" static int drop_privs() { struct sched_param param; @@ -63,7 +64,10 @@ static int drop_privs() { capheader.pid = 0; capdata[CAP_TO_INDEX(CAP_SYSLOG)].permitted = CAP_TO_MASK(CAP_SYSLOG); - capdata[CAP_TO_INDEX(CAP_SYSLOG)].effective = CAP_TO_MASK(CAP_SYSLOG); + capdata[CAP_TO_INDEX(CAP_AUDIT_CONTROL)].permitted |= CAP_TO_MASK(CAP_AUDIT_CONTROL); + + capdata[0].effective = capdata[0].permitted; + capdata[1].effective = capdata[1].permitted; capdata[0].inheritable = 0; capdata[1].inheritable = 0; @@ -127,6 +131,16 @@ int main() { exit(1); } + // LogAudit listens on NETLINK_AUDIT socket for selinux + // initiated log messages. New log entries are added to LogBuffer + // and LogReader is notified to send updates to connected clients. + + // failure is an option ... messages are in dmesg (required by standard) + LogAudit *al = new LogAudit(logBuf, reader); + if (al->startListener()) { + delete al; + } + pause(); exit(0); } |