[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[rhel6-branch 1/2] memory: build auditd as a standalone binary and run it so.



Instead of just forking, we fork() anaconda and then execv our custom
audit daemon. This saves us an extra anaconda process running permanently,
taking memory.

Related: rhbz#549653
---
 anaconda          |   14 +++++++++++++-
 isys/Makefile.am  |    6 ++++++
 isys/auditd.c     |   11 +++++------
 scripts/mk-images |    2 ++
 4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/anaconda b/anaconda
index 20ae4a0..e85a70a 100755
--- a/anaconda
+++ b/anaconda
@@ -60,6 +60,18 @@ def startMetacityWM():
             sys.exit(0)
     return childpid
 
+def startAuditDaemon():
+    childpid = os.fork()
+    if not childpid:
+        cmd = '/sbin/auditd'
+        try:
+            os.execl(cmd, cmd)
+        except OSError as e:
+            log.error("Error running the audit daemon: %s" % str(e))
+        sys.exit(0)
+    # auditd will turn into a daemon so catch the immediate child pid now:
+    os.waitpid(childpid, 0)
+
 # function to handle X startup special issues for anaconda
 def doStartupX11Actions(runres="800x600"):
     global wm_pid
@@ -760,7 +772,7 @@ if __name__ == "__main__":
         opts.isHeadless = True
 
     if not flags.livecdInstall:
-        isys.auditDaemon()
+        startAuditDaemon()
 
     # setup links required for all install types
     for i in ( "services", "protocols", "nsswitch.conf", "joe", "selinux",
diff --git a/isys/Makefile.am b/isys/Makefile.am
index f7c076a..415a0b5 100644
--- a/isys/Makefile.am
+++ b/isys/Makefile.am
@@ -52,4 +52,10 @@ libisys_la_LDFLAGS    = -static
 libisys_la_LIBADD     = $(ISYS_LIBS)
 libisys_la_SOURCES    = $(ISYS_SRCS)
 
+auditddir             = $(libdir)/$(PACKAGE_NAME)-runtime
+auditd_PROGRAMS       = auditd
+auditd_SOURCES        = auditd.c
+auditd_CFLAGS         = -DSTANDALONE $(SELINUX_CFLAGS)
+auditd_LDADD          = $(SELINUX_LIBS) $(LIBNL_LIBS)
+
 MAINTAINERCLEANFILES = Makefile.in
diff --git a/isys/auditd.c b/isys/auditd.c
index 8eef4f3..2ca6d04 100644
--- a/isys/auditd.c
+++ b/isys/auditd.c
@@ -94,32 +94,31 @@ static void do_auditd(int fd) {
 int audit_daemonize(void) {
 #ifdef USESELINUX
     int fd;
-#ifndef STANDALONE 
-    int i;
     pid_t child;
-
+    int i;
     if ((child = fork()) > 0)
         return 0;
 
+#ifndef STANDALONE 
     for (i = 0; i < getdtablesize(); i++)
         close(i);
-
     signal(SIGTTOU, SIG_IGN);
     signal(SIGTTIN, SIG_IGN);
     signal(SIGTSTP, SIG_IGN);
+#endif /* !defined(STANDALONE) */
 
     if ((fd = open("/proc/self/oom_adj", O_RDWR)) >= 0) {
         i = write(fd, "-17", 3);
         close(fd);
     }
-
-#endif /* !defined(STANDALONE) */
     fd = audit_open();
     do_auditd(fd);
     audit_close(fd);
+
 #ifndef STANDALONE
     exit(0);
 #endif /* !defined(STANDALONE) */
+
 #endif /* USESELINUX */
     return 0;
 }
diff --git a/scripts/mk-images b/scripts/mk-images
index bf76ce3..d55f110 100755
--- a/scripts/mk-images
+++ b/scripts/mk-images
@@ -163,6 +163,7 @@ GETKEYMAPS=$IMGPATH/usr/lib/anaconda-runtime/getkeymaps
 GENINITRDSZ=$IMGPATH/usr/lib/anaconda-runtime/geninitrdsz
 MKS390CDBOOT=$IMGPATH/usr/lib/anaconda-runtime/mk-s390-cdboot
 GENMODINFO=$IMGPATH/usr/lib/anaconda-runtime/genmodinfo
+LIBEXECBINDIR=$IMGPATH/usr/lib/anaconda-runtime
 KEYMAPS=$TMPDIR/keymaps-$BUILDARCH.$$
 SCREENFONT=$IMGPATH/usr/lib/anaconda-runtime/screenfont-${BASEARCH}.gz
 MODLIST=$IMGPATH/usr/lib/anaconda-runtime/modlist
@@ -667,6 +668,7 @@ makeinitrd() {
         instbin $IMGPATH /usr/sbin/dasdfmt $MBD_DIR /sbin/dasdfmt
         cp -a $IMGPATH/usr/sbin/*_cio_free $MBD_DIR/sbin
     fi
+    instbin $IMGPATH ${LIBEXECBINDIR##$IMGPATH}/auditd $MBD_DIR /sbin/auditd
 
     if [ "$BUILDARCH" != "s390" -a "$BUILDARCH" != "s390x" ]; then
        install -m 644 $KEYMAPS $MBD_DIR/etc/keymaps.gz
-- 
1.6.6


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]