diff options
author | Albert Lee <trisk@omniti.com> | 2015-02-17 15:06:48 +0300 |
---|---|---|
committer | Robert Mustacchi <rm@joyent.com> | 2015-02-25 18:23:11 -0800 |
commit | da5086c104e170d3832a3e1782dc8617061c7fc6 (patch) | |
tree | 1ef95551916ee3e7c36deb1f49cdec99d3fc1f2d /usr/src/cmd | |
parent | ce926fbb3eac0337e32c8855d5843ab73a07c345 (diff) | |
download | illumos-gate-da5086c104e170d3832a3e1782dc8617061c7fc6.tar.gz |
443 auditset SMF not able to start in non-global zones
Reviewed by: Adam Stevko <adam.stevko@gmail.com>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Diffstat (limited to 'usr/src/cmd')
-rw-r--r-- | usr/src/cmd/auditset/svc-auditset.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/usr/src/cmd/auditset/svc-auditset.c b/usr/src/cmd/auditset/svc-auditset.c index 4c01f278f8..cc2b8482d2 100644 --- a/usr/src/cmd/auditset/svc-auditset.c +++ b/usr/src/cmd/auditset/svc-auditset.c @@ -30,6 +30,7 @@ #include <audit_scf.h> #include <bsm/adt.h> #include <bsm/libbsm.h> +#include <zone.h> #include <errno.h> #include <locale.h> #include <stdio.h> @@ -67,6 +68,7 @@ main(void) { char *auditset_fmri; char *mask_cfg; + uint32_t policy; (void) setlocale(LC_ALL, ""); (void) textdomain(TEXT_DOMAIN); @@ -92,6 +94,16 @@ main(void) return (SMF_EXIT_OK); } + /* check the audit policy */ + if (auditon(A_GETPOLICY, (caddr_t)&policy, 0) == -1) { + (void) printf("Could not read audit policy: %s\n", + strerror(errno)); + return (SMF_EXIT_ERR_OTHER); + } + + if (!(policy & AUDIT_PERZONE) && (getzoneid() != GLOBAL_ZONEID)) + return (SMF_EXIT_OK); + /* update attributable mask */ if (!do_getflags_scf(&mask_cfg) || mask_cfg == NULL) { (void) printf("Could not get configured attributable audit " |