Re: [PATCH 2/2] audit: don't reset working wait time accidentally with auditd
On Tuesday, January 27, 2015 07:34:02 PM Richard Guy Briggs wrote:
During a queue overflow condition while we are waiting for auditd to
drain
the queue to make room for regular messages, we don't want a successful
auditd that has bypassed the queue check to reset the backlog wait time.
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/audit.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
I'm still wondering why we ever change audit_backlog_wait_time, it is only so
we don't end up calling wait_for_auditd() multiple times while we are waiting
for the queue to drain?
As a general comment, not directed at anyone in particular, the audit
backlog/queue handling looks a little odd ...
diff --git a/kernel/audit.c b/kernel/audit.c
index b333f03..73293ea 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1395,7 +1395,8 @@ struct audit_buffer *audit_log_start(struct
audit_context *ctx, gfp_t gfp_mask, return NULL;
}
- audit_backlog_wait_time = audit_backlog_wait_time_master;
+ if (!reserve)
+ audit_backlog_wait_time = audit_backlog_wait_time_master;
ab = audit_buffer_alloc(ctx, gfp_mask, type);
if (!ab) {
--
paul moore
security @ redhat