summaryrefslogtreecommitdiff
path: root/usr/src/cmd
diff options
context:
space:
mode:
authorAlbert Lee <trisk@omniti.com>2015-02-17 15:06:48 +0300
committerRobert Mustacchi <rm@joyent.com>2015-02-25 18:23:11 -0800
commitda5086c104e170d3832a3e1782dc8617061c7fc6 (patch)
tree1ef95551916ee3e7c36deb1f49cdec99d3fc1f2d /usr/src/cmd
parentce926fbb3eac0337e32c8855d5843ab73a07c345 (diff)
downloadillumos-gate-da5086c104e170d3832a3e1782dc8617061c7fc6.tar.gz
443 auditset SMF not able to start in non-global zones
Reviewed by: Adam Stevko <adam.stevko@gmail.com> Reviewed by: Andy Stormont <astormont@racktopsystems.com> Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com> Approved by: Robert Mustacchi <rm@joyent.com>
Diffstat (limited to 'usr/src/cmd')
-rw-r--r--usr/src/cmd/auditset/svc-auditset.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/usr/src/cmd/auditset/svc-auditset.c b/usr/src/cmd/auditset/svc-auditset.c
index 4c01f278f8..cc2b8482d2 100644
--- a/usr/src/cmd/auditset/svc-auditset.c
+++ b/usr/src/cmd/auditset/svc-auditset.c
@@ -30,6 +30,7 @@
#include <audit_scf.h>
#include <bsm/adt.h>
#include <bsm/libbsm.h>
+#include <zone.h>
#include <errno.h>
#include <locale.h>
#include <stdio.h>
@@ -67,6 +68,7 @@ main(void)
{
char *auditset_fmri;
char *mask_cfg;
+ uint32_t policy;
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
@@ -92,6 +94,16 @@ main(void)
return (SMF_EXIT_OK);
}
+ /* check the audit policy */
+ if (auditon(A_GETPOLICY, (caddr_t)&policy, 0) == -1) {
+ (void) printf("Could not read audit policy: %s\n",
+ strerror(errno));
+ return (SMF_EXIT_ERR_OTHER);
+ }
+
+ if (!(policy & AUDIT_PERZONE) && (getzoneid() != GLOBAL_ZONEID))
+ return (SMF_EXIT_OK);
+
/* update attributable mask */
if (!do_getflags_scf(&mask_cfg) || mask_cfg == NULL) {
(void) printf("Could not get configured attributable audit "