[RFC PATCH 3/7] audit: allow systemd to use queue reserves
Richard Guy Briggs
rgb at redhat.com
Thu Oct 22 19:51:59 UTC 2015
On 15/10/22, Steve Grubb wrote:
> On Thursday, October 22, 2015 02:53:16 PM Richard Guy Briggs wrote:
> > Treat systemd the same way as auditd, allowing it to overrun the queue to
> > avoid blocking.
>
> Do you mind explaining this a little more? I'm having a hard time
> understanding how systemd is involved.
systemd should only have CAP_AUDIT_READ for the multicast socket and
otherwise behaves as a user client, sending AUDIT_USER_* messages. It
starts and stops auditd and we don't want it blocking trying to allocate
a buffer on the standard queue in audit_log_start() while it is tasked
with telling auditd to start or stop.
> -Steve
>
> > Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> > ---
> > kernel/audit.c | 2 +-
> > 1 files changed, 1 insertions(+), 1 deletions(-)
> >
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 3917aad..384a1a1 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1375,7 +1375,7 @@ struct audit_buffer *audit_log_start(struct
> > audit_context *ctx, gfp_t gfp_mask, return NULL;
> >
> > if (gfp_mask & __GFP_WAIT) {
> > - if (audit_pid && audit_pid == current->tgid)
> > + if (current->tgid == 1 || (audit_pid && audit_pid == current->tgid))
> > gfp_mask &= ~__GFP_WAIT;
> > else
> > reserve = 0;
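Review bot: the new `current->tgid == 1` test in the `if (gfp_mask & __GFP_WAIT)` branch recognises systemd only by its being PID 1, so whatever runs as init gets `__GFP_WAIT` cleared and keeps the queue reserve, and neither the hunk nor the commit message says why. Suggest a comment above the condition (or a small named helper for the test) stating that PID 1 starts and stops auditd and must not block in audit_log_start(), and carrying that rationale into the commit message, which currently only says "Treat systemd the same way as auditd".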
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545