From 11dcd4141578da67b2dbc7fdd9af9cc2ff910543 Mon Sep 17 00:00:00 2001
From: fufesou <linlong1266@gmail.com>
Date: Wed, 25 Jun 2025 13:59:14 +0800
Subject: [PATCH] fix: linux sh path

Signed-off-by: fufesou <linlong1266@gmail.com>
---
 src/platform/linux.rs | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/platform/linux.rs b/src/platform/linux.rs
index 3ec22a7..0b790d5 100644
--- a/src/platform/linux.rs
+++ b/src/platform/linux.rs
@@ -216,14 +216,34 @@ pub fn is_session_locked(sid: &str) -> bool {
 // **Note** that the return value here, the last character is '\n'.
 // Use `run_cmds_trim_newline()` if you want to remove '\n' at the end.
 pub fn run_cmds(cmds: &str) -> ResultType<String> {
-    let output = std::process::Command::new("sh")
+    // We use `/bin/sh` instead of `sh`, because `sh` may cause a lot of audit logs.
+    // No idea why the audit logs happen.
+    // Though the audit logs may disappear after rebooting.
+    //
+    // See https://github.com/rustdesk/rustdesk/discussions/11959
+    //
+    // `ausearch -x /usr/share/rustdesk/rustdesk` will return
+    // ...
+    // time->Tue Jun 24 10:40:43 2025
+    // type=PROCTITLE msg=audit(1750776043.446:192757): proctitle=2F7573722F62696E2F727573746465736B002D2D73657276696365
+    // type=PATH msg=audit(1750776043.446:192757): item=0 name="/usr/local/bin/sh" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
+    // type=CWD msg=audit(1750776043.446:192757): cwd="/"
+    // type=SYSCALL msg=audit(1750776043.446:192757): arch=c000003e syscall=59 success=no exit=-2 a0=7fb7dbd22da0 a1=1d65f2c0 a2=7ffc25193360 a3=7ffc25194ec0 items=1 ppid=172208 pid=267565 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rustdesk" exe="/usr/share/rustdesk/rustdesk" subj=unconfined key="processos_criados"
+    // ----
+    // time->Tue Jun 24 10:40:43 2025
+    // type=PROCTITLE msg=audit(1750776043.446:192758): proctitle=2F7573722F62696E2F727573746465736B002D2D73657276696365
+    // type=PATH msg=audit(1750776043.446:192758): item=0 name="/usr/sbin/sh" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
+    // ...
+    let output = std::process::Command::new("/bin/sh")
         .args(vec!["-c", cmds])
         .output()?;
     Ok(String::from_utf8_lossy(&output.stdout).to_string())
 }
 
 pub fn run_cmds_trim_newline(cmds: &str) -> ResultType<String> {
-    let output = std::process::Command::new("sh")
+    // We use `/bin/sh` instead of `sh`, because `sh` may cause a lot of audit logs.
+    // See `run_cmds()` above.
+    let output = std::process::Command::new("/bin/sh")
         .args(vec!["-c", cmds])
         .output()?;
     let out = String::from_utf8_lossy(&output.stdout);