From: Pawel Jakub Dawidek
Date: Fri, 30 Nov 2012 23:03:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r243723 - head/sys/security/audit

Author: pjd
Date: Fri Nov 30 23:03:51 2012
New Revision: 243723
URL: http://svnweb.freebsd.org/changeset/base/243723

Log:
  IFp4 @208383:

  Currently when we discover that trail file is greater than configured
  limit we send AUDIT_TRIGGER_ROTATE_KERNEL trigger to the auditd daemon
  once. If for some reason auditd didn't rotate trail file it will never
  be rotated.

  Change it by sending the trigger when trail file size grows by the
  configured limit. For example if the limit is 1MB, we will send trigger
  on 1MB, 2MB, 3MB, etc.

  This is also needed for the auditd change that will be committed soon
  where auditd may ignore the trigger - it might be ignored if kernel
  requests the trail file to be rotated too quickly (more often than once
  a second) which would result in overwriting previous trail file.

  Sponsored by: FreeBSD Foundation (auditdistd)
  MFC after: 2 weeks

Modified:
  head/sys/security/audit/audit_worker.c

Modified: head/sys/security/audit/audit_worker.c ============================================================================== --- head/sys/security/audit/audit_worker.c Fri Nov 30 22:59:20 2012 (r243722) +++ head/sys/security/audit/audit_worker.c Fri Nov 30 23:03:51 2012 (r243723)
@@ -189,11 +189,11 @@ audit_record_write(struct vnode *vp, str * to the daemon. This is only approximate, which is fine as more * records may be generated before the daemon rotates the file. */ - if ((audit_fstat.af_filesz != 0) && (audit_file_rotate_wait == 0) && - (audit_size >= audit_fstat.af_filesz)) { + if (audit_fstat.af_filesz != 0 && + audit_size >= audit_fstat.af_filesz * (audit_file_rotate_wait + 1)) { AUDIT_WORKER_LOCK_ASSERT(); - audit_file_rotate_wait = 1; + audit_file_rotate_wait++; (void)audit_send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL); }
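
Review bot: In the new condition, audit_file_rotate_wait advances by only one per call, so if audit_size is already several multiples of audit_fstat.af_filesz when the test first passes, every following record write sends another AUDIT_TRIGGER_ROTATE_KERNEL until the counter catches up. Consider deriving the counter from audit_size / audit_fstat.af_filesz at the point of sending, so that one trigger goes out per limit crossing rather than one per record. The variable now counts triggers sent instead of acting as a wait flag, but the comment above the test still describes a single approximate check; it should say that the trigger repeats at each multiple of the limit. Any code outside this hunk that resets the variable or tests it as 0/1 is worth checking, since a stale count after rotation would raise the next threshold.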