Page MenuHomeFreeBSD
Differential D57451

auditd: Fix signal handling
ClosedPublic
Actions

Authored by des on Thu, Jun 4, 7:16 PM.
Tags
None
Referenced Files
F159339718: D57451.diff
Sat, Jun 13, 1:04 AM
Unknown Object (File)
Fri, Jun 12, 12:16 PM
Unknown Object (File)
Tue, Jun 9, 2:58 PM
Unknown Object (File)
Tue, Jun 9, 9:13 AM
Unknown Object (File)
Tue, Jun 9, 7:51 AM
Unknown Object (File)
Mon, Jun 8, 9:14 PM
Unknown Object (File)
Mon, Jun 8, 8:21 AM
Unknown Object (File)
Mon, Jun 8, 2:34 AM
View All 11 Files
Subscribers
cperciva
imp

Details

Reviewers
kevans
csjp
cperciva
Commits
rG5bd78cfc8003: auditd: Fix signal handling
Summary

Rewrite the main loop to use ppoll() instead of just blocking on read,
blocking the signals we care about when we aren't polling.

I didn't bother replacing alarm() with setitimer(); the alarm code
is dead anyway since there is no way for max_idletime to acquire a
non-zero value.

While here, avoid leaking the pid file and trigger descriptors to the
log child.

PR: 295840
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 73713
Build 70596: arc lint + arc unit

Event Timeline

des created this revision.Thu, Jun 4, 7:16 PM
Herald added a subscriber: imp. · View Herald TranscriptThu, Jun 4, 7:16 PM
des requested review of this revision.Thu, Jun 4, 7:16 PM
Harbormaster completed remote builds in B73678: Diff 179229.Thu, Jun 4, 7:16 PM
des added a child revision: D57452: auditd: Whitespace cleanup.Thu, Jun 4, 7:16 PM
kevans added a reviewer: csjp.Thu, Jun 4, 7:18 PM
des updated this revision to Diff 179232.Thu, Jun 4, 8:13 PM

polling not implemented

Harbormaster completed remote builds in B73680: Diff 179232.Thu, Jun 4, 8:13 PM
des edited the summary of this revision. (Show Details)Thu, Jun 4, 8:13 PM
des edited child revisions, added: D57458: auditd: Further improve signal handling; removed: D57452: auditd: Whitespace cleanup.Thu, Jun 4, 10:15 PM
kevans accepted this revision.Fri, Jun 5, 2:01 PM
This revision is now accepted and ready to land.Fri, Jun 5, 2:01 PM
cperciva accepted this revision.Fri, Jun 5, 4:10 PM
cperciva added a subscriber: cperciva.

MFC after: 1 minute
Accelerated MFC requested by: re (cperciva)

des updated this revision to Diff 179305.Fri, Jun 5, 9:38 PM

merge D57458 into this

This revision now requires review to proceed.Fri, Jun 5, 9:38 PM
Harbormaster completed remote builds in B73713: Diff 179305.Fri, Jun 5, 9:38 PM
des mentioned this in D57458: auditd: Further improve signal handling.Fri, Jun 5, 9:38 PM
des added a child revision: D57452: auditd: Whitespace cleanup.
des added a parent revision: D57457: audit: Add poll / select support.
des edited the summary of this revision. (Show Details)
des planned changes to this revision.Fri, Jun 5, 9:53 PM

This still needs work: we should set the signal mask before installing signal handlers in register_daemon() rather than here, and the original mask should be a global variable so the auditwarnlog() child can restore it before exec()ing the script.

cperciva resigned from this revision.Fri, Jun 5, 10:28 PM
des updated this revision to Diff 179380.Mon, Jun 8, 1:27 PM

set signal mask before installing handlers

Harbormaster completed remote builds in B73739: Diff 179380.Mon, Jun 8, 1:27 PM
des edited the summary of this revision. (Show Details)Mon, Jun 8, 1:27 PM
kevans added inline comments.Mon, Jun 8, 1:59 PM
contrib/openbsm/bin/auditd/auditd.c
358 ↗(On Diff #179380)

This seems to mean that we end up going into auditd_wait_for_events with the original signal mask and all of our handled signals unmasked, doesn't it? We don't run auditd -l normally, so this gets called in setup() and reverts our signal mask before we start our main loop

des added inline comments.Mon, Jun 8, 2:13 PM
contrib/openbsm/bin/auditd/auditd.c
358 ↗(On Diff #179380)

oh this was meant to go in close_misc() 🤦‍♂️

des updated this revision to Diff 179384.Mon, Jun 8, 2:16 PM

rf

Harbormaster completed remote builds in B73741: Diff 179384.Mon, Jun 8, 2:16 PM
des marked an inline comment as done.Mon, Jun 8, 2:30 PM
kevans accepted this revision.Mon, Jun 8, 3:36 PM
This revision is now accepted and ready to land.Mon, Jun 8, 3:36 PM
Closed by commit rG5bd78cfc8003: auditd: Fix signal handling (authored by des). · Explain WhyMon, Jun 8, 10:47 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG5bd78cfc8003: auditd: Fix signal handling.

Revision Contents
Changeset List

PathSize
contrib/
openbsm/
bin/
auditd/
71 lines

Diff 179305

View Options

contrib/openbsm/bin/auditd/auditd_fbsd.c

Loading...