Re: Auditd reconfigure using SIGHUP

In my last email I missed mentioning the fix that I have implemented. Issue 1) As you said, I have fixed it by replacing the ev_signal by ev_child as below. struct ev_child sigchld_watcher; ev_child_init (&sigchld_watcher, child_handler, 0, 0); ev_child_start (EV_DEFAULT_ &sigchld_watcher); static void child_handler(EV_P_ ev_child *w, int revents) { int pid; if (w->rpid == dispatcher_pid()) { dispatcher_reaped(); } }

Issue 2) In auditd.c main(), child_handler is registered not immediately after init_dispatcher() is called. I have modified the audit to register ev_child immediately after init_dispatcher() as below. Or maybe before calling init_dispatcher(). This fixed issue 2 for me. Below extract is from documentation of libev for ev_child: " It is permissible to install a child watcher after the child has been forked (which implies it might have already exited), as long as the event loop isn't entered (or is continued from a watcher), i.e., forking and then immediately registering a watcher for the child is fine, but forking and registering a watcher a few event loop iterations later or in the next callback invocation is not." if (init_dispatcher(&config)) { if (pidfile) unlink(pidfile); tell_parent(FAILURE); return 1; } ev_child_init (&sigchld_watcher, child_handler, 0, 0); ev_child_start (EV_DEFAULT_ &sigchld_watcher); Issue 3) With the above fix for issue 2, I did not see the issue 3 getting occurred for me. This could be because shutdown_dispatcher() is called from dispatcher_reaped() where the status on the pipe is not checked.