On 15/10/22, Steve Grubb wrote:
On Thursday, October 22, 2015 02:53:16 PM Richard Guy Briggs wrote:
> Treat systemd the same way as auditd, allowing it to overrun the queue to
> avoid blocking.

Do you mind explaining this a little more? I'm having a hard time
understanding how systemd is involved.

systemd should only have CAP_AUDIT_READ for the multicast socket and
otherwise behaves as a user client, sending AUDIT_USER_* messages. It
starts and stops auditd and we don't want it blocking trying to allocate
a buffer on the standard queue in audit_log_start() while it is tasked
with telling auditd to start or stop.

-Steve

> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
> kernel/audit.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 3917aad..384a1a1 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1375,7 +1375,7 @@ struct audit_buffer *audit_log_start(struct
> audit_context *ctx, gfp_t gfp_mask, return NULL;
>
> if (gfp_mask & __GFP_WAIT) {
> - if (audit_pid && audit_pid == current->tgid)
> + if (current->tgid == 1 || (audit_pid && audit_pid ==
current->tgid))
> gfp_mask &= ~__GFP_WAIT;
> else
> reserve = 0;
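
Review bot: The new `current->tgid == 1` test in the `__GFP_WAIT` branch is an uncommented magic number, and it matches whatever runs as PID 1, not specifically systemd as the commit message says. Because this path clears `__GFP_WAIT` and skips the `reserve = 0` branch, every record PID 1 logs may now overrun the queue the same way auditd's can, not only those sent while it is starting or stopping auditd. Please add a comment above the condition stating why init is exempt, and consider a named helper such as `is_global_init(current)` in place of the literal `1` so the intent is readable at the call site.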
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545