[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhel6-branch 1/2] memory: build auditd as a standalone binary and run it so.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ack, but please also add:

    isys/auditd

To the .gitignore file.

On Wed, 5 May 2010, Ales Kozumplik wrote:

Instead of just forking, we fork() anaconda and then execv our custom
audit daemon. This saves us an extra anaconda process running permanently,
taking memory.

Related: rhbz#549653
---
anaconda          |   14 +++++++++++++-
isys/Makefile.am  |    6 ++++++
isys/auditd.c     |   11 +++++------
scripts/mk-images |    2 ++
4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/anaconda b/anaconda
index 20ae4a0..e85a70a 100755
--- a/anaconda
+++ b/anaconda
@@ -60,6 +60,18 @@ def startMetacityWM():
            sys.exit(0)
    return childpid

+def startAuditDaemon():
+    childpid = os.fork()
+    if not childpid:
+        cmd = '/sbin/auditd'
+        try:
+            os.execl(cmd, cmd)
+        except OSError as e:
+            log.error("Error running the audit daemon: %s" % str(e))
+        sys.exit(0)
+    # auditd will turn into a daemon so catch the immediate child pid now:
+    os.waitpid(childpid, 0)
+
# function to handle X startup special issues for anaconda
def doStartupX11Actions(runres="800x600"):
    global wm_pid
@@ -760,7 +772,7 @@ if __name__ == "__main__":
        opts.isHeadless = True

    if not flags.livecdInstall:
-        isys.auditDaemon()
+        startAuditDaemon()

    # setup links required for all install types
    for i in ( "services", "protocols", "nsswitch.conf", "joe", "selinux",
diff --git a/isys/Makefile.am b/isys/Makefile.am
index f7c076a..415a0b5 100644
--- a/isys/Makefile.am
+++ b/isys/Makefile.am
@@ -52,4 +52,10 @@ libisys_la_LDFLAGS    = -static
libisys_la_LIBADD     = $(ISYS_LIBS)
libisys_la_SOURCES    = $(ISYS_SRCS)

+auditddir             = $(libdir)/$(PACKAGE_NAME)-runtime
+auditd_PROGRAMS       = auditd
+auditd_SOURCES        = auditd.c
+auditd_CFLAGS         = -DSTANDALONE $(SELINUX_CFLAGS)
+auditd_LDADD          = $(SELINUX_LIBS) $(LIBNL_LIBS)
+
MAINTAINERCLEANFILES = Makefile.in
diff --git a/isys/auditd.c b/isys/auditd.c
index 8eef4f3..2ca6d04 100644
--- a/isys/auditd.c
+++ b/isys/auditd.c
@@ -94,32 +94,31 @@ static void do_auditd(int fd) {
int audit_daemonize(void) {
#ifdef USESELINUX
    int fd;
-#ifndef STANDALONE
-    int i;
    pid_t child;
-
+    int i;
    if ((child = fork()) > 0)
        return 0;

+#ifndef STANDALONE
    for (i = 0; i < getdtablesize(); i++)
        close(i);
-
    signal(SIGTTOU, SIG_IGN);
    signal(SIGTTIN, SIG_IGN);
    signal(SIGTSTP, SIG_IGN);
+#endif /* !defined(STANDALONE) */

    if ((fd = open("/proc/self/oom_adj", O_RDWR)) >= 0) {
        i = write(fd, "-17", 3);
        close(fd);
    }
-
-#endif /* !defined(STANDALONE) */
    fd = audit_open();
    do_auditd(fd);
    audit_close(fd);
+
#ifndef STANDALONE
    exit(0);
#endif /* !defined(STANDALONE) */
+
#endif /* USESELINUX */
    return 0;
}
diff --git a/scripts/mk-images b/scripts/mk-images
index bf76ce3..d55f110 100755
--- a/scripts/mk-images
+++ b/scripts/mk-images
@@ -163,6 +163,7 @@ GETKEYMAPS=$IMGPATH/usr/lib/anaconda-runtime/getkeymaps
GENINITRDSZ=$IMGPATH/usr/lib/anaconda-runtime/geninitrdsz
MKS390CDBOOT=$IMGPATH/usr/lib/anaconda-runtime/mk-s390-cdboot
GENMODINFO=$IMGPATH/usr/lib/anaconda-runtime/genmodinfo
+LIBEXECBINDIR=$IMGPATH/usr/lib/anaconda-runtime
KEYMAPS=$TMPDIR/keymaps-$BUILDARCH.$$
SCREENFONT=$IMGPATH/usr/lib/anaconda-runtime/screenfont-${BASEARCH}.gz
MODLIST=$IMGPATH/usr/lib/anaconda-runtime/modlist
@@ -667,6 +668,7 @@ makeinitrd() {
        instbin $IMGPATH /usr/sbin/dasdfmt $MBD_DIR /sbin/dasdfmt
        cp -a $IMGPATH/usr/sbin/*_cio_free $MBD_DIR/sbin
    fi
+    instbin $IMGPATH ${LIBEXECBINDIR##$IMGPATH}/auditd $MBD_DIR /sbin/auditd

    if [ "$BUILDARCH" != "s390" -a "$BUILDARCH" != "s390x" ]; then
       install -m 644 $KEYMAPS $MBD_DIR/etc/keymaps.gz


- -- David Cantrell <dcantrell redhat com>
Red Hat / Honolulu, HI

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkvoojEACgkQ5hsjjIy1VknuaQCgl93TA4IlX3szvoy/UhKbOBG8
MY4An1UiXAZOFeuPTxVv3Xit/QnPdtRN
=T3NX
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]