HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS337257

MFC r335899:
rS337257
Actions

Description

MFC r335899:

auditd(8): register signal handlers interrutibly

auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:

  • Sending SIGTERM to auditd doesn't kill it right away; you must send SIGTERM and then send a trigger with auditon(2).
  • Same with SIGHUP
  • Zombie child processes don't get reaped until auditd receives a trigger sent by auditon. This includes children created by expiring audit trails at auditd startup.

Fix by using sigaction(2) instead of signal(3).

Cherry pick https://github.com/openbsm/openbsm/commit/d060887

PR: 229381
Reviewed by: cem
Obtained from: OpenBSM
Differential Revision: https://github.com/openbsm/openbsm/pull/36

Details

Provenance
asomersAuthored on
Reviewer
cem
Parents
rS337256: MFC r335287, r335290
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
stable/
10/
contrib/
openbsm/
bin/
auditd/

rS337257

View Options

stable/10/

Loading...
View Options

stable/10/contrib/openbsm/bin/auditd/auditd.c

Loading...