audit/backport-Solve-issue-363-by-moving-check-to-after-load_config.patch

From 0604569e79a5d1c76b32f15576e129e0b813659f Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 24 Mar 2024 13:06:59 -0400
Subject: [PATCH] Solve issue #363 by moving check to after load_config

Conflict:NA
Reference:https://github.com/linux-audit/audit-userspace/commit/0604569e79a5d1c76b32f15576e129e0b813659f

---
 src/auditd.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/src/auditd.c b/src/auditd.c
index e0fe9925..67ce06c0 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -676,20 +676,6 @@ int main(int argc, char *argv[])
 	}
 	session = audit_get_session();
 
-#ifndef DEBUG
-	/* Make sure we can do our job. Containers may not give you
-	 * capabilities, so we revert to a uid check for that case. */
-	if (!audit_can_control()) {
-		if (!config.local_events && geteuid() == 0)
-			;
-		else {
-			fprintf(stderr,
-		"You must be root or have capabilities to run this program.\n");
-			return 4;
-		}
-	}
-#endif
-
 	/* Register sighandlers */
 	sa.sa_flags = 0 ;
 	sigemptyset( &sa.sa_mask ) ;
@@ -717,6 +703,21 @@ int main(int argc, char *argv[])
 		free_config(&config);
 		return 6;
 	}
+
+#ifndef DEBUG
+	/* Make sure we can do our job. Containers may not give you
+	 * capabilities, so we revert to a uid check for that case. */
+	if (!audit_can_control()) {
+		if (!config.local_events && geteuid() == 0)
+			;
+		else {
+			fprintf(stderr,
+		"You must be root or have capabilities to run this program.\n");
+			return 4;
+		}
+	}
+#endif
+
 	if (config.daemonize == D_FOREGROUND)
 		config.write_logs = 0;
 
-- 
2.33.0
backport patches to fix bug Signed-off-by: xuraoqing <xuraoqing@huawei.com> 2024-05-28 10:05:39 +08:00			`From 0604569e79a5d1c76b32f15576e129e0b813659f Mon Sep 17 00:00:00 2001`
			`From: Steve Grubb <ausearch.1@gmail.com>`
			`Date: Sun, 24 Mar 2024 13:06:59 -0400`
			`Subject: [PATCH] Solve issue #363 by moving check to after load_config`

			`Conflict:NA`
			`Reference:https://github.com/linux-audit/audit-userspace/commit/0604569e79a5d1c76b32f15576e129e0b813659f`

			`---`
			`src/auditd.c \| 29 +++++++++++++++--------------`
			`1 file changed, 15 insertions(+), 14 deletions(-)`

			`diff --git a/src/auditd.c b/src/auditd.c`
			`index e0fe9925..67ce06c0 100644`
			`--- a/src/auditd.c`
			`+++ b/src/auditd.c`
			`@@ -676,20 +676,6 @@ int main(int argc, char *argv[])`
			`}`
			`session = audit_get_session();`

			`-#ifndef DEBUG`
			`- /* Make sure we can do our job. Containers may not give you`
			`- * capabilities, so we revert to a uid check for that case. */`
			`- if (!audit_can_control()) {`
			`- if (!config.local_events && geteuid() == 0)`
			`- ;`
			`- else {`
			`- fprintf(stderr,`
			`- "You must be root or have capabilities to run this program.\n");`
			`- return 4;`
			`- }`
			`- }`
			`-#endif`
			`-`
			`/* Register sighandlers */`
			`sa.sa_flags = 0 ;`
			`sigemptyset( &sa.sa_mask ) ;`
			`@@ -717,6 +703,21 @@ int main(int argc, char *argv[])`
			`free_config(&config);`
			`return 6;`
			`}`
			`+`
			`+#ifndef DEBUG`
			`+ /* Make sure we can do our job. Containers may not give you`
			`+ * capabilities, so we revert to a uid check for that case. */`
			`+ if (!audit_can_control()) {`
			`+ if (!config.local_events && geteuid() == 0)`
			`+ ;`
			`+ else {`
			`+ fprintf(stderr,`
			`+ "You must be root or have capabilities to run this program.\n");`
			`+ return 4;`
			`+ }`
			`+ }`
			`+#endif`
			`+`
			`if (config.daemonize == D_FOREGROUND)`
			`config.write_logs = 0;`

			`--`
			`2.33.0`