Re: [PATCH 1/2] fix auditctl -D

On Friday 28 April 2006 18:35, Joy Latten wrote: We still have a problem. This patch works around the problem but its still there. The problem is that getting a list results in ENOBUFS. This causes "delete all" to fail. This patch avoids that problem because the list internal to the kernel gets deleted. But what if you just want to list all the rules? You still get a ENOBUFS. execve("/home/sgrubb/working/BUILD/audit-1.2.2/src/auditctl" ... socket(PF_NETLINK, SOCK_RAW, 9) = 3 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 sendto(3, "\20\0\0\0\365\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16 poll([{fd=3, events=POLLIN, revents=POLLIN|POLLERR}], 1, 100) = 1 recvfrom(3, 0x7fff2a895330, 8476, 66, 0x7fff2a893170, 0x7fff2a89317c) = -1 ENOBUFS (No buffer space available) write(2, "Error receiving audit netlink pa"..., 64Error receiving audit netlink packet (No buffer space available)) = 64 write(2, "\n", 1) = 1 write(2, "Error sending rule list request "..., 59Error sending rule list request (No buffer space available)) = 59 write(2, "\n", 1) = 1 close(3) = 0 exit_group(-1) = ? Process 2608 detached The very first recvfrom returns the error. The kernel needs to see that its about to fill the netlink buffers and reschedule the listing thread until user space can drain the buffers. So, while -D is solved by this patch, -l is not. -Steve