From: Robert Watson
Date: Wed, 6 Dec 2006 23:32:37 +0000 (GMT)
To: Doug Barton
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc/rc.d auditd

On Wed, 6 Dec 2006, Doug Barton wrote:

>> Sleep for one second after calling audit -t to give the audit daemon a
>> chance to actually terminate the audit service and exit. Otherwise, on
>> an rc.d/auditd restart, the new audit daemon instance may try to start
>> auditing while the previous session is still running. Likewise, this
>> ensures a chance for auditd to terminate the audit trail at system
>> shutdown.
>>
>> Perhaps more ideally, the script would wait synchronously for auditd to
>> exit rather than for an arbitrary but short period of time.
>
> Perhaps a better change would be:
>
> /usr/sbin/audit -t
> while : ; do).
> 	if ; then
> 		echo 'Waiting for the audit system to terminate'
> 		sleep 1
> 	else
> 		break
> 	fi
> done

Is there a built-in mechanism in rc.d to wait for a process to exit? We'd
like to wait for auditd to exit, specifically, as a sign that auditing
really is terminated.

For a variety of reasons, it's complicated to modify the "audit -t"
notification mechanism to wait synchronously for audit to terminate. I
have loose plans to work on it, but it will probably be a couple of months
before that happens (6.3, definitely not 6.2

Robert N M Watson
Computer Laboratory
University of Cambridge
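
The synchronous wait discussed in this thread, as an added example that is not part of the original message or of the FreeBSD rc.d script: poll for the daemon's exit with an upper bound, so a restart neither races the old instance nor hangs forever. The function name `wait_for_exit`, its arguments and the `auditd_pid` variable in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. wait_for_exit and its arguments are hypothetical
# names, not part of rc.subr or of the auditd rc.d script.
#
# wait_for_exit PID [TIMEOUT_SECONDS]
#   Polls once per second until PID no longer exists.
#   Returns 0 once the process is gone,
#           1 if it is still present after TIMEOUT_SECONDS (default 10),
#           2 if an argument is not a plain decimal number or PID <= 1.
#
# Assumption: the caller is allowed to signal PID (rc.d scripts run as
# root). Without that permission kill -0 fails even for a live process,
# and the process would wrongly be reported as gone.
wait_for_exit() {
    _wfe_pid=$1
    _wfe_timeout=${2:-10}

    # Reject empty or non-numeric input before it reaches kill(1).
    case "$_wfe_pid" in ''|*[!0-9]*) return 2 ;; esac
    case "$_wfe_timeout" in ''|*[!0-9]*) return 2 ;; esac
    [ "$_wfe_pid" -gt 1 ] || return 2

    _wfe_waited=0
    # kill -0 delivers no signal; it only tests whether the PID exists.
    while kill -0 "$_wfe_pid" 2>/dev/null; do
        if [ "$_wfe_waited" -ge "$_wfe_timeout" ]; then
            return 1    # still running: let the caller decide what to do
        fi
        sleep 1
        _wfe_waited=$((_wfe_waited + 1))
    done
    return 0
}

# Usage sketch for a stop routine (auditd_pid is a hypothetical variable
# holding the daemon's PID, read before the stop request is sent):
#   /usr/sbin/audit -t
#   wait_for_exit "$auditd_pid" 10 ||
#       echo 'auditd did not exit within 10 seconds' >&2
```

A return value of 1 lets a restart path refuse to start a second instance while the old one is still closing its trail.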