On Mon, 28 Feb 2005 17:48:28 -0500, Steve Grubb <sgrubb(a)redhat.com> wrote:
<snip>
> What happens in real life is that passwd is going to log some data to the
> audit system and opens a socket, then it collects the passwords. If
> everything is OK, it passes the passwords to PAM for authentication token
> update. PAM decides that it needs to do some logging of its own and opens
> descriptors to the audit system. They fail like above, EAGAIN.
>
> Do any of you kernel hackers know why apps are limited to 1 netlink socket
> connection? Can someone else verify the problem?
>
> I think I can fix the problem by constantly closing and opening connections,
> but that is ugly and not efficient. This "bug/feature" is holding up the
> release of the next version of audit and patched trusted programs.

Though I don't know what's going on here, you could also just share
auditd's netlink connection and have trusted programs talk to auditd
(i.e., passwd says to auditd, "Hey auditd, send this message to the
kernel, thanks") rather than opening/closing the netlink connection
repeatedly. It's probably a bad idea for various reasons, though --
added complexity to auditd being one.

--
- Timothy R. Chavez