From owner-p4-projects@FreeBSD.ORG Tue Mar 28 17:48:53 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 378EE16A422; Tue, 28 Mar 2006 17:48:53 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EFB3716A401 for ; Tue, 28 Mar 2006 17:48:52 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C6A7243D79 for ; Tue, 28 Mar 2006 17:48:49 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k2SHmneA050800 for ; Tue, 28 Mar 2006 17:48:49 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k2SHmnJW050797 for perforce@freebsd.org; Tue, 28 Mar 2006 17:48:49 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 28 Mar 2006 17:48:49 GMT Message-Id: <200603281748.k2SHmnJW050797@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 94185 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2006 17:48:53 -0000 http://perforce.freebsd.org/chv.cgi?CH=94185 Change 94185 by rwatson@rwatson_zoo on 2006/03/28 17:48:17 Clear the audit mask of the audit daemon on start. Hook up reap_children(), which was apparently not hooked up. This should prevent large numbers of zombies from accumulating over time. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $ */ #include @@ -44,6 +44,7 @@ #include #include +#include #include #include #include @@ -63,6 +64,7 @@ static char *lastfile = NULL; static int allhardcount = 0; static int triggerfd = 0; +static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; static int sigterms, sigterms_handled; static long global_flags; @@ -422,6 +424,8 @@ sighups++; if (signal == SIGTERM) sigterms++; + if (signal == SIGCHLD) + sigchlds++; } /* @@ -489,7 +493,6 @@ static int last_trigger; static time_t last_time; struct dir_ent *dirent; - int rc; /* * Suppres duplicate messages from the kernel within the specified @@ -595,6 +598,34 @@ } /* + * Reap our children. + */ +static void +reap_children(void) +{ + pid_t child; + int wstatus; + + while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { + if (!wstatus) + continue; + syslog(LOG_INFO, "warn process [pid=%d] %s %d.", child, + ((WIFEXITED(wstatus)) ? "exited with non-zero status" : + "exited as a result of signal"), + ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : + WTERMSIG(wstatus))); + } +} + +static void +handle_sigchld(void) +{ + + sigchlds_handled = sigchlds; + reap_children(); +} + +/* * Read the control file for triggers/signals and handle appropriately. */ static int @@ -613,6 +644,10 @@ syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__); break; } + if (sigchlds != sigchlds_handled) { + syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__); + handle_sigchld(); + } if (sighups != sighups_handled) { syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__); handle_sighup(); @@ -633,26 +668,6 @@ } /* - * Reap our children. - */ -static void -reap_children(void) -{ - pid_t child; - int wstatus; - - while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { - if (!wstatus) - continue; - syslog(LOG_INFO, "warn process [pid=%d] %s %d.", child, - ((WIFEXITED(wstatus)) ? "exited with non-zero status" : - "exited as a result of signal"), - ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : - WTERMSIG(wstatus))); - } -} - -/* * Configure the audit controls in the kernel: the event to class mapping, * kernel preselection mask, etc. */ @@ -730,6 +745,7 @@ static void setup(void) { + auditinfo_t auinfo; int aufd; token_t *tok; @@ -738,6 +754,23 @@ fail_exit(); } + /* + * To provide event feedback cycles and avoid auditd becoming + * stalled if auditing is suspended, auditd and its children run + * without their events being audited. We allow the uid, tid, and + * mask fields to be implicitly set to zero, but do set the pid. We + * run this after opening the trigger device to avoid configuring + * audit state without audit present in the system. + * + * XXXRW: Is there more to it than this? + */ + bzero(&auinfo, sizeof(auinfo)); + auinfo.ai_asid = getpid(); + if (setaudit(&auinfo) == -1) { + syslog(LOG_ERR, "Error setting audit stat"); + fail_exit(); + } + TAILQ_INIT(&dir_q); if (read_control_file() == -1) { syslog(LOG_ERR, "Error reading control file");