From: John E Hein
Date: Thu, 7 Dec 2006 09:51:50 -0700
To: Doug Barton
Cc: Robert Watson, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc/rc.d auditd
Message-ID: <17784.18086.947589.606142@gromit.timing.com>

Doug Barton wrote at 15:55 -0800 on Dec 6, 2006:
> Robert Watson wrote:
> >
> > On Wed, 6 Dec 2006, Doug Barton wrote:
> >
> >>> Sleep for one second after calling audit -t to give the audit daemon a
> >>> chance to actually terminate the audit service and exit. Otherwise, on
> >>> an rc.d/auditd restart, the new audit daemon instance may try to start
> >>> auditing while the previous session is still running. Likewise, this
> >>> ensures a chance for auditd to terminate the audit trail at system
> >>> shutdown.
> >>>
> >>> Perhaps more ideally, the script would wait synchronously for auditd to
> >>> exit rather than for an arbitrary but short period of time.
> >>
> >> Perhaps a better change would be:
> >>
> >> /usr/sbin/audit -t
> >> while : ; do).
> >>     if ; then
> >>         echo 'Waiting for the audit system to terminate'
> >>         sleep 1
> >>     else
> >>         break
> >>     fi
> >> done
> >
> > Is there a built-in mechanism in rc.d to wait for a process to exit?
>
> There is wait_for_pids(), which combined with pgrep could possibly
> work for you. Since I wasn't sure what your parameters are, the
> mechanism above is generic enough to work with anything.
>
> > We'd like to wait for auditd to exit, specifically, as a sign that
> > auditing really is terminated.
>
> Then what you probably want (untested) is something like
>
> /usr/sbin/audit -t
> wait_for_pids `pgrep -d' ' auditd`
>
> hth,
>
> Doug

Another option is to start auditd behind lockf. To determine whether
auditd has exited, check for the lock file (put it in /var/run).
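
The bounded, synchronous wait discussed in this thread, sketched as an added example (not code from the thread or from FreeBSD's rc.d). It assumes the daemon was started so that a lock file exists for as long as it runs, as the last reply proposes; the function names and the lock path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: replace a fixed "sleep 1" with a bounded wait on a lock file.
# Assumption: the lock file exists while the daemon runs and is removed when
# it exits. Function names and the lock path below are hypothetical.

# wait_lock_released FILE TIMEOUT
# Poll once per second until FILE is gone.
# Returns 0 when FILE no longer exists, 1 if TIMEOUT seconds pass first.
wait_lock_released() {
    _file=$1
    _left=$2
    while [ -e "$_file" ]; do
        if [ "$_left" -le 0 ]; then
            return 1
        fi
        sleep 1
        _left=$((_left - 1))
    done
    return 0
}

# stop_then_wait FILE TIMEOUT STOP_COMMAND [ARGS...]
# Run the stop command, then wait for the lock file to disappear.
# Returns 0 once the daemon is gone, 1 on timeout, 2 if the stop command
# itself failed. A restart should only start a new instance on 0, so two
# instances never run at the same time.
stop_then_wait() {
    _lock=$1
    _timeout=$2
    shift 2
    "$@" || return 2
    if ! wait_lock_released "$_lock" "$_timeout"; then
        echo "daemon still holds $_lock after ${_timeout}s" >&2
        return 1
    fi
    return 0
}

# Usage in a stop/restart path (lock path is a hypothetical name):
#   stop_then_wait /var/run/auditd.lock 10 /usr/sbin/audit -t || exit 1
```

A non-zero return lets a restart path refuse to launch a second instance, and lets a shutdown path log that the audit trail may not have been terminated cleanly.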