14 changed files with 18 additions and 45 deletions
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@ -402,18 +402,6 @@
        this option is enabled by default, it is disabled in all others.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>Audit=</varname></term>
        <listitem><para>Takes a boolean value. If enabled <command>systemd-journal</command> will turn on
        kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
        disable it, leaving the previous state unchanged. Note that this option does not control whether
        <command>systemd-journald</command> collects generated audit records, it just controls whether it
        tells the kernel to generate them. This means if another tool turns on auditing even if
        <command>systemd-journald</command> left it off, it will still collect the generated
        messages. Defaults to on.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>TTYPath=</varname></term>
--- a/src/basic/errno-util.h
+++ b/src/basic/errno-util.h
@ -87,16 +87,12 @@ static inline bool ERRNO_IS_RESOURCE(int r) {
                      ENOMEM);
 }
-/* Seven different errors for "operation/system call/ioctl/socket feature not supported" */
+/* Three different errors for "operation/system call/ioctl not supported" */
 static inline bool ERRNO_IS_NOT_SUPPORTED(int r) {
        return IN_SET(abs(r),
                      EOPNOTSUPP,
                      ENOTTY,
-                      ENOSYS,
+                      ENOSYS);
                      EAFNOSUPPORT,
                      EPFNOSUPPORT,
                      EPROTONOSUPPORT,
                      ESOCKTNOSUPPORT);
 }
 /* Two different errors for access problems */
--- a/src/basic/hexdecoct.c
+++ b/src/basic/hexdecoct.c
@ -599,13 +599,13 @@ ssize_t base64mem(const void *p, size_t l, char **out) {
 static int base64_append_width(
                char **prefix, int plen,
-                char sep, int indent,
+                const char *sep, int indent,
                const void *p, size_t l,
                int width) {
        _cleanup_free_ char *x = NULL;
        char *t, *s;
-        ssize_t len, avail, line, lines;
+        ssize_t len, slen, avail, line, lines;
        len = base64mem(p, l, &x);
        if (len <= 0)
@ -613,20 +613,21 @@ static int base64_append_width(
        lines = DIV_ROUND_UP(len, width);
-        if ((size_t) plen >= SSIZE_MAX - 1 - 1 ||
+        slen = strlen_ptr(sep);
-            lines > (SSIZE_MAX - plen - 1 - 1) / (indent + width + 1))
+        if (plen >= SSIZE_MAX - 1 - slen ||
            lines > (SSIZE_MAX - plen - 1 - slen) / (indent + width + 1))
                return -ENOMEM;
-        t = realloc(*prefix, (ssize_t) plen + 1 + 1 + (indent + width + 1) * lines);
+        t = realloc(*prefix, (ssize_t) plen + 1 + slen + (indent + width + 1) * lines);
        if (!t)
                return -ENOMEM;
-        t[plen] = sep;
+        memcpy_safe(t + plen, sep, slen);
-        for (line = 0, s = t + plen + 1, avail = len; line < lines; line++) {
+        for (line = 0, s = t + plen + slen, avail = len; line < lines; line++) {
                int act = MIN(width, avail);
-                if (line > 0 || sep == '\n') {
+                if (line > 0 || sep) {
                        memset(s, ' ', indent);
                        s += indent;
                }
@ -649,10 +650,10 @@ int base64_append(
        if (plen > width / 2 || plen + indent > width)
                /* leave indent on the left, keep last column free */
-                return base64_append_width(prefix, plen, '\n', indent, p, l, width - indent - 1);
+                return base64_append_width(prefix, plen, "\n", indent, p, l, width - indent - 1);
        else
                /* leave plen on the left, keep last column free */
-                return base64_append_width(prefix, plen, ' ', plen + 1, p, l, width - plen - 1);
+                return base64_append_width(prefix, plen, " ", plen, p, l, width - plen - 1);
 }
 static int unbase64_next(const char **p, size_t *l) {
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "audit-type.h"
 #include "errno-util.h"
 #include "fd-util.h"
 #include "hexdecoct.h"
 #include "io-util.h"
@ -513,7 +512,7 @@ int server_open_audit(Server *s) {
                s->audit_fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
                if (s->audit_fd < 0) {
-                        if (ERRNO_IS_NOT_SUPPORTED(errno))
+                        if (IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT))
                                log_debug("Audit not supported in the kernel.");
                        else
                                log_warning_errno(errno, "Failed to create audit socket, ignoring: %m");
@ -540,16 +539,10 @@ int server_open_audit(Server *s) {
        if (r < 0)
                return log_error_errno(r, "Failed to add audit fd to event loop: %m");
-        if (s->set_audit >= 0) {
+        /* We are listening now, try to enable audit */
-                /* We are listening now, try to enable audit if configured so */
+        r = enable_audit(s->audit_fd, true);
                r = enable_audit(s->audit_fd, s->set_audit);
        if (r < 0)
                log_warning_errno(r, "Failed to issue audit enable call: %m");
                else if (s->set_audit > 0)
                        log_debug("Auditing in kernel turned on.");
                else
                        log_debug("Auditing in kernel turned off.");
        }
        return 0;
 }
--- a/src/journal/journald-gperf.gperf
+++ b/src/journal/journald-gperf.gperf
@ -22,7 +22,6 @@ Journal.Storage,            config_parse_storage,    0, offsetof(Server, storage
 Journal.Compress,           config_parse_compress,   0, offsetof(Server, compress)
 Journal.Seal,               config_parse_bool,       0, offsetof(Server, seal)
 Journal.ReadKMsg,           config_parse_bool,       0, offsetof(Server, read_kmsg)
 Journal.Audit,              config_parse_tristate,   0, offsetof(Server, set_audit)
 Journal.SyncIntervalSec,    config_parse_sec,        0, offsetof(Server, sync_interval_usec)
 # The following is a legacy name for compatibility
 Journal.RateLimitInterval,  config_parse_sec,        0, offsetof(Server, ratelimit_interval)
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@ -2208,8 +2208,6 @@ int server_init(Server *s, const char *namespace) {
                .compress.threshold_bytes = (uint64_t) -1,
                .seal = true,
                .set_audit = true,
                .watchdog_usec = USEC_INFINITY,
                .sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC,
--- a/src/journal/journald-server.h
+++ b/src/journal/journald-server.h
@ -108,7 +108,6 @@ struct Server {
        JournalCompressOptions compress;
        bool seal;
        bool read_kmsg;
        int set_audit;
        bool forward_to_kmsg;
        bool forward_to_syslog;
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@ -41,4 +41,3 @@
 #MaxLevelWall=emerg
 #LineMax=48K
 #ReadKMsg=yes
 #Audit=yes
--- a/test/test-resolve/com~20200417.pkts
+++ b/test/test-resolve/com~20200417.pkts
--- a/test/test-resolve/google.com~20160131.pkts
+++ b/test/test-resolve/google.com~20160131.pkts
--- a/test/test-resolve/google.com~20200417.pkts
+++ b/test/test-resolve/google.com~20200417.pkts
--- a/test/test-resolve/michigan.gov~20200417.pkts
+++ b/test/test-resolve/michigan.gov~20200417.pkts
--- a/test/test-resolve/org~20200417.pkts
+++ b/test/test-resolve/org~20200417.pkts
--- a/test/test-resolve/vdwaa.nl~20200417.pkts
+++ b/test/test-resolve/vdwaa.nl~20200417.pkts