core/systemd.pc: do not add new non-underscored vars

Follow-up for 346b7b6b4931fc6bee9e820e0160dd024a86ed52

The old style was deprecated in
4908de44b0a0409f84a7cdc5641b114d6ce8ba03.

man/journald.conf.xml

@@ -478,11 +478,14 @@
       <varlistentry>
         <term><varname>Audit=</varname></term>
 
-        <listitem><para>Takes a boolean value. If enabled <command>systemd-journald</command> will turn on
-        kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
-        disable it, leaving the previous state unchanged.  This means if another tool turns on auditing even
-        if <command>systemd-journald</command> left it off, it will still collect the generated
-        messages. Defaults to on in the default journal namespace, and unset otherwise.</para>
+        <listitem><para>Takes a boolean value or special value <literal>keep</literal>. If enabled
+        <command>systemd-journald</command> will turn on kernel auditing on start-up. If disabled it will
+        turn it off. When <literal>keep</literal> it will neither enable nor disable it, leaving the previous
+        state unchanged. This means if another tool turns on auditing even if
+        <command>systemd-journald</command> left it off, it will still collect the generated messages.
+        Defaults to yes in the default journal namespace, and <literal>keep</literal> otherwise.</para>
+
+        <!-- Explicit assignment of an empty string is equivalent to 'keep', for backward compatibility. -->
 
         <para>Note that this option does not control whether <command>systemd-journald</command> collects
         generated audit records, it just controls whether it tells the kernel to generate them. If you need

src/core/systemd.pc.in

@@ -91,11 +91,9 @@ catalog_dir=${prefix}/lib/systemd/catalog
 catalogdir=${catalog_dir}
 
 system_alloc_uid_min={{SYSTEM_ALLOC_UID_MIN}}
-systemallocuidmin=${system_alloc_uid_min}
 system_uid_max={{SYSTEM_UID_MAX}}
 systemuidmax=${system_uid_max}
 system_alloc_gid_min={{SYSTEM_ALLOC_GID_MIN}}
-systemallocgidmin=${system_alloc_gid_min}
 system_gid_max={{SYSTEM_GID_MAX}}
 systemgidmax=${system_gid_max}
 

src/journal/journald-audit.c

@@ -465,10 +465,14 @@ static int manager_set_kernel_audit(Manager *m) {
 
         assert(m);
         assert(m->audit_fd >= 0);
+        assert(m->config.set_audit >= 0);
 
-        if (m->config.set_audit < 0)
+        if (m->config.set_audit == AUDIT_KEEP)
                 return 0;
 
+        /* In the following, we can handle 'set_audit' as a boolean. */
+        assert(IN_SET(m->config.set_audit, AUDIT_NO, AUDIT_YES));
+
         struct {
                 union {
                         struct nlmsghdr header;
@@ -557,7 +561,7 @@ int manager_open_audit(Manager *m) {
         return 0;
 }
 
-void manager_reset_kernel_audit(Manager *m, int old_set_audit) {
+void manager_reset_kernel_audit(Manager *m, AuditSetMode old_set_audit) {
         assert(m);
 
         if (m->audit_fd < 0)

src/journal/journald-audit.h

@@ -10,4 +10,4 @@ void manager_process_audit_message(Manager *m, const void *buffer, size_t buffer
 void process_audit_string(Manager *m, int type, const char *data, size_t size);
 
 int manager_open_audit(Manager *m);
-void manager_reset_kernel_audit(Manager *m, int old_set_audit);
+void manager_reset_kernel_audit(Manager *m, AuditSetMode old_set_audit);

src/journal/journald-config.c

@@ -46,7 +46,7 @@ void journal_config_set_defaults(JournalConfig *c) {
                 .compress.threshold_bytes = UINT64_MAX,
                 .seal = -1,
                 .read_kmsg = -1,
-                .set_audit = -1,
+                .set_audit = _AUDIT_SET_MODE_INVALID,
                 .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
                 .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
                 .forward_to_syslog = -1,
@@ -59,6 +59,7 @@ void journal_config_set_defaults(JournalConfig *c) {
                 .max_level_console = -1,
                 .max_level_wall = -1,
                 .max_level_socket = -1,
+                .split_mode = _SPLIT_INVALID,
         };
 
         journal_reset_metrics(&c->system_storage_metrics);
@@ -122,7 +123,7 @@ void manager_merge_configs(Manager *m) {
         MERGE_NON_NEGATIVE(read_kmsg, !m->namespace);
         /* By default, kernel auditing is enabled by the main namespace instance, and not controlled by
          * non-default namespace instances. */
-        MERGE_NON_NEGATIVE(set_audit, m->namespace ? -1 : true);
+        MERGE_NON_NEGATIVE(set_audit, m->namespace ? AUDIT_KEEP : AUDIT_YES);
         MERGE_NON_ZERO(sync_interval_usec, DEFAULT_SYNC_INTERVAL_USEC);
 
         /* TODO: also merge them when comdline or credentials support to configure them. */
@@ -401,6 +402,16 @@ static const char* const split_mode_table[_SPLIT_MAX] = {
 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode);
 
+static const char* const audit_set_mode_table[_AUDIT_SET_MODE_MAX] = {
+        [AUDIT_NO]   = "no",
+        [AUDIT_YES]  = "yes",
+        [AUDIT_KEEP] = "keep",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(audit_set_mode, AuditSetMode, AUDIT_YES);
+/* For backward compatibility, an empty string has special meaning and equals to 'keep'. */
+DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_audit_set_mode, audit_set_mode, AuditSetMode, AUDIT_KEEP);
+
 int config_parse_line_max(
                 const char *unit,
                 const char *filename,

src/journal/journald-config.h

@@ -27,6 +27,14 @@ typedef struct JournalCompressOptions {
         uint64_t threshold_bytes;
 } JournalCompressOptions;
 
+typedef enum AuditSetMode {
+        AUDIT_NO = 0, /* Disables the kernel audit subsystem on start. */
+        AUDIT_YES,    /* Enables the kernel audit subsystem on start. */
+        AUDIT_KEEP,   /* Keep the current kernel audit subsystem state. */
+        _AUDIT_SET_MODE_MAX,
+        _AUDIT_SET_MODE_INVALID = -EINVAL,
+} AuditSetMode;
+
 typedef struct JournalConfig {
         /* Storage=, cred: journal.storage */
         Storage storage;
@@ -37,7 +45,7 @@ typedef struct JournalConfig {
         /* ReadKMsg= */
         int read_kmsg;
         /* Audit= */
-        int set_audit;
+        AuditSetMode set_audit;
         /* SyncIntervalSec= */
         usec_t sync_interval_usec;
         /* RateLimitIntervalSec= */
@@ -102,3 +110,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_line_max);
 CONFIG_PARSER_PROTOTYPE(config_parse_compress);
 CONFIG_PARSER_PROTOTYPE(config_parse_forward_to_socket);
 CONFIG_PARSER_PROTOTYPE(config_parse_split_mode);
+CONFIG_PARSER_PROTOTYPE(config_parse_audit_set_mode);

src/journal/journald-forward.h

@@ -6,6 +6,7 @@
 
 typedef enum Storage Storage;
 typedef enum SplitMode SplitMode;
+typedef enum AuditSetMode AuditSetMode;
 typedef struct JournalCompressOptions JournalCompressOptions;
 typedef struct JournalConfig JournalConfig;
 

src/journal/journald-gperf.gperf

@@ -23,7 +23,7 @@ Journal.Storage,              config_parse_storage,           0, offsetof(Journa
 Journal.Compress,             config_parse_compress,          0, offsetof(JournalConfig, compress)
 Journal.Seal,                 config_parse_tristate,          0, offsetof(JournalConfig, seal)
 Journal.ReadKMsg,             config_parse_tristate,          0, offsetof(JournalConfig, read_kmsg)
-Journal.Audit,                config_parse_tristate,          0, offsetof(JournalConfig, set_audit)
+Journal.Audit,                config_parse_audit_set_mode,    0, offsetof(JournalConfig, set_audit)
 Journal.SyncIntervalSec,      config_parse_sec,               0, offsetof(JournalConfig, sync_interval_usec)
 # The following is a legacy name for compatibility
 Journal.RateLimitInterval,    config_parse_sec,               0, offsetof(JournalConfig, ratelimit_interval)

src/shared/libaudit-util.c

@@ -19,8 +19,10 @@ DLSYM_PROTOTYPE(audit_log_acct_message) = NULL;
 DLSYM_PROTOTYPE(audit_log_user_avc_message) = NULL;
 DLSYM_PROTOTYPE(audit_log_user_comm_message) = NULL;
 static DLSYM_PROTOTYPE(audit_open) = NULL;
+#endif
 
 int dlopen_libaudit(void) {
+#if HAVE_AUDIT
         ELF_NOTE_DLOPEN("libaudit",
                         "Support for Audit logging",
                         ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED,
@@ -35,8 +37,12 @@ int dlopen_libaudit(void) {
                         DLSYM_ARG(audit_log_user_avc_message),
                         DLSYM_ARG(audit_log_user_comm_message),
                         DLSYM_ARG(audit_open));
+#else
+        return -EOPNOTSUPP;
+#endif
 }
 
+#if HAVE_AUDIT
 static int try_audit_request(int fd) {
         struct iovec iov;
         struct msghdr mh;

src/shared/libaudit-util.h

@@ -3,6 +3,8 @@
 
 #include "forward.h"
 
+int dlopen_libaudit(void);
+
 #if HAVE_AUDIT
 #  include <libaudit.h>         /* IWYU pragma: export */
 
@@ -11,8 +13,6 @@
 extern DLSYM_PROTOTYPE(audit_log_acct_message);
 extern DLSYM_PROTOTYPE(audit_log_user_avc_message);
 extern DLSYM_PROTOTYPE(audit_log_user_comm_message);
-
-int dlopen_libaudit(void);
 #endif
 
 bool use_audit(void);