Date: Tue, 28 Mar 2006 17:48:49 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 94185 for review Message-ID: <200603281748.k2SHmnJW050797@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=94185 Change 94185 by rwatson@rwatson_zoo on 2006/03/28 17:48:17 Clear the audit mask of the audit daemon on start. Hook up reap_children(), which was apparently not hooked up. This should prevent large numbers of zombies from accumulating over time. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $ */ #include <sys/types.h> @@ -44,6 +44,7 @@ #include <bsm/audit_uevents.h> #include <bsm/libbsm.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <grp.h> @@ -63,6 +64,7 @@ static char *lastfile = NULL; static int allhardcount = 0; static int triggerfd = 0; +static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; static int sigterms, sigterms_handled; static long global_flags; @@ -422,6 +424,8 @@ sighups++; if (signal == SIGTERM) sigterms++; + if (signal == SIGCHLD) + sigchlds++; } /* @@ -489,7 +493,6 @@ static int last_trigger; static time_t last_time; struct dir_ent *dirent; - int rc; /* * Suppres duplicate messages from the kernel within the specified @@ -595,6 +598,34 @@ } /* + * Reap our children. + */ +static void +reap_children(void) +{ + pid_t child; + int wstatus; + + while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { + if (!wstatus) + continue; + syslog(LOG_INFO, "warn process [pid=%d] %s %d.", child, + ((WIFEXITED(wstatus)) ? "exited with non-zero status" : + "exited as a result of signal"), + ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : + WTERMSIG(wstatus))); + } +} + +static void +handle_sigchld(void) +{ + + sigchlds_handled = sigchlds; + reap_children(); +} + +/* * Read the control file for triggers/signals and handle appropriately. */ static int @@ -613,6 +644,10 @@ syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__); break; } + if (sigchlds != sigchlds_handled) { + syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__); + handle_sigchld(); + } if (sighups != sighups_handled) { syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__); handle_sighup(); @@ -633,26 +668,6 @@ } /* - * Reap our children. - */ -static void -reap_children(void) -{ - pid_t child; - int wstatus; - - while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { - if (!wstatus) - continue; - syslog(LOG_INFO, "warn process [pid=%d] %s %d.", child, - ((WIFEXITED(wstatus)) ? "exited with non-zero status" : - "exited as a result of signal"), - ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : - WTERMSIG(wstatus))); - } -} - -/* * Configure the audit controls in the kernel: the event to class mapping, * kernel preselection mask, etc. */ @@ -730,6 +745,7 @@ static void setup(void) { + auditinfo_t auinfo; int aufd; token_t *tok; @@ -738,6 +754,23 @@ fail_exit(); } + /* + * To provide event feedback cycles and avoid auditd becoming + * stalled if auditing is suspended, auditd and its children run + * without their events being audited. We allow the uid, tid, and + * mask fields to be implicitly set to zero, but do set the pid. We + * run this after opening the trigger device to avoid configuring + * audit state without audit present in the system. + * + * XXXRW: Is there more to it than this? + */ + bzero(&auinfo, sizeof(auinfo)); + auinfo.ai_asid = getpid(); + if (setaudit(&auinfo) == -1) { + syslog(LOG_ERR, "Error setting audit stat"); + fail_exit(); + } + TAILQ_INIT(&dir_q); if (read_control_file() == -1) { syslog(LOG_ERR, "Error reading control file");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603281748.k2SHmnJW050797>